[Operators] SSL trust in XMPP world
ta at geuka.net
Thu Sep 3 17:25:54 UTC 2015
On 09/03/2015 12:19 PM, Peter Viskup wrote:
> we know there still are issues with CA-signed and self-signed
> certificates. Self-signed certificate was the main reason for not
> accepting our server into the list of public XMPP server.
> From my perspective it would be great to implement XEP similar to
> Convergence . That could solve at least some of the issues with
> certificates we have at the moment. On the end the CA-trust-lists would
> be removed from the clients and servers would be able to check the
> validity of certificates for s2s connections.
DANE would solve this problem. And since it is DNS based it would be
easy to implement.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the Operators