[Operators] debian.org XMPP - using DANE / TLSA?
Dave Cridland
dave at cridland.net
Wed Oct 28 21:57:00 UTC 2015
On 28 October 2015 at 21:32, Daniel Pocock <daniel at pocock.pro> wrote:
>
>
> We are just reviewing the final configuration before announcing
> debian.org XMPP
>
>
That's great news.
> Can anybody comment on DANE / TLSA? Should we only talk to servers
> supporting this?
>
>
Last time I looked, only around 10% of servers supported DNSSEC, let alone
DANE. I think, given that the RFC has only *just* been published, that
mandating DANE is premature.
Requiring servers to use TLS is entirely practical, requiring them to have
certificates signed by a CA you trust is also reasonable.
Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20151028/877ec8cc/attachment.html>
More information about the Operators
mailing list