[Operators] SSL trust in XMPP world

Kim Alvefur zash at zash.se
Thu Sep 3 18:59:52 UTC 2015


On 2015-09-03 20:31, Evgeny Khramtsov wrote:
> Thu, 3 Sep 2015 20:25:27 +0200
> Kim Alvefur <zash at zash.se> wrote:
> 
>> But seriously, DANE works already¹, why haven't you deployed it
>> yet? :)
> 
> That's not true. In some national domains there is no dnssec support.
> So DANE works in some countries only.
> 

Note the smiley. Just because there isn't 100% deployment yet, doesn't
mean that it does not work today.  I had to switch registrar, self-host
my authoritative DNS server and write a bunch of tooling to deploy DANE.  So

On 2015-09-03 19:25, Andreas Tauscher wrote:
> And since it is DNS based it would be
> easy to implement.

not so much.  But it's getting easier.  And you can set it up today if
you are careful with your choice of TLD, registrar and dns hosting.  And
there will still be CA-issued certificates around for a long time, so
any alternative is likely to be used in parallel where possible and
deployed.

-- 
Kim "Zash" Alvefur

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20150903/dd816cb0/attachment.sig>


More information about the Operators mailing list