[Operators] SSL trust in XMPP world

Andreas Tauscher ta at geuka.net
Thu Sep 3 17:25:54 UTC 2015


On 09/03/2015 12:19 PM, Peter Viskup wrote:

> we know there still are issues with CA-signed and self-signed
> certificates. Self-signed certificate was the main reason for not
> accepting our server into the list of public XMPP server.
> From my perspective it would be great to implement XEP similar to
> Convergence [1]. That could solve at least some of the issues with
> certificates we have at the moment. On the end the CA-trust-lists would
> be removed from the clients and servers would be able to check the
> validity of certificates for s2s connections.

DANE would solve this problem. And since it is DNS based it would be
easy to implement.

https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20150903/9cb740db/attachment.sig>


More information about the Operators mailing list