[Operators] debian.org XMPP - using DANE / TLSA?
dave at cridland.net
Wed Oct 28 21:57:00 UTC 2015
On 28 October 2015 at 21:32, Daniel Pocock <daniel at pocock.pro> wrote:
> We are just reviewing the final configuration before announcing
> debian.org XMPP
That's great news.
> Can anybody comment on DANE / TLSA? Should we only talk to servers
> supporting this?
Last time I looked, only around 10% of servers supported DNSSEC, let alone
DANE. I think, given that the RFC has only *just* been published, that
mandating DANE is premature.
Requiring servers to use TLS is entirely practical, requiring them to have
certificates signed by a CA you trust is also reasonable.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Operators