[standards-jig] SSL/TLS mandatory (Was: Re: JEP-0077 Password Changing Security Flaw )
jesper at krogh.cc
Sun Jan 25 20:11:27 UTC 2004
I gmane.network.jabber.standards-jig, skrev Chris Mullins:
> While plain-text passwords are certainly worrisome, at least the option
> is there to send them over a SSL/TLS stream. In fact many servers
> REQUIRE the connection to be over a SSL/TLS stream, making the
> plain-text a little bit less significant that it would otherwise be.
I really think that we should require SSL/TLS real soon now, I hardly
can find any reason for anyone to use it. Have I missed anything?
Unlike http where you have anonymous browsing, you username/password is
sent every time you connect to your server in Jabber, which actually
makes all communication sensible.
For statistics on my server:
We can actually se that we are down to about 15% that uses SSL/TLS.
Is it better at other servers?
./Jesper Krogh, jesper at krogh.cc
Jabber ID: jesper at jabbernet.dk
Tøm din hjerne for Linuxviden på http://www.linuxwiki.dk
More information about the Standards