[Standards-JIG] Re: FW: [jadmin] ssl between servers

Stephen Marquard scm at marquard.net
Tue Mar 15 05:31:24 UTC 2005


Peter Saint-Andre wrote:
> On Mon, Mar 14, 2005 at 05:48:32PM -0600, Joe Hildebrand wrote:
> 
>>One could certainly configure their server such that if you weren't
>>doing TLS on a S2S connection, the connection gets dropped.
> 
> 
> Yeah, but I'm just an end user, not a server admin. I want to send a
> message to you on another server, and I want to know if it will go over
> an encrypted channel from my server to your server and from your server
> to your client (presumably I know if my connection to my server is
> encrypted). Right now I as the end user can't do this.

I have to think that's of limited use though.

If you don't trust the two (or more) servers that will handle your 
message, use end-to-end encryption (as even with SSL on c2s on s2s 
links, the servers still have your message in clear text, so a "padlock" 
icon showing that all hops are encrypted is misleading).

If you do trust the servers involved, you probably know whether they're 
running s2s SSL or not.

Regards
Stephen




More information about the Standards mailing list