[Standards-JIG] Was: JEP-0165. Now: selective s2s depending on version?

Matthias Wimmer m at tthias.net
Thu Nov 17 23:20:45 UTC 2005


Hi Andreas!

Andreas van Cranenburgh schrieb:

>- Maybe rather an informative JEP to explain the practice to jabber
>  admins? I should follow-up if ejabberd ACL's are up to this idea,
>  and I welcome follow-ups regarding any other implementations (which I
>  don't know well or at all).
>
It's implemented in jabberd14 for about two weeks to configure s2s to 
require XMPP version 1.0, TLS encryption, or SASL EXTERNAL authentication.

But I do not think, that we are ready to require XMPP 1.0 links on the 
Jabber network yet.

>Eg. personally I'd like said policy, so that I can block servers that
>are known not to stringprep (sp?) properly. Security comes before
>interoperability for me, though within reason. Also, naturally I'd block
>any jabberd below 1.4.3 . . . The list goes on, AFAIK :)
>  
>
Just for the records: jabberd 1.4.3 does not support stringprep. You 
have to use at least jabberd 1.4.4 to have stringprep support ...

>Also, this "enforcing" or "selective s2s" would be an extra urge to
>server developers to finally fix their code! stringprep is trivial (ie.
>code is readily available), as far as I can tell :) And don't get me
>started on TLS over s2s, of course, XMPP-1.0 was published how long ago?
>[...]
>  
>
Well I thought all (maintained) servers support stringprep and STARTTLS 
already. It's just the admins that don't upgrade, or still install old 
versions of the software.

But I am no friend of this type of suggestions to force people to 
upgrade to newer versions. It would just break the network and nobody 
would still know which other person he still can contact. We would just 
partition the network into clouds that are not fully interconnected. Our 
goal is to have free IM services, services that can interoperate ... not 
to copy AIM, MSN, Yahoo which do not allow their users to message with 
users of other servers.

Sure there is a problem if and administrator does not care about 
security problems, but if the administrator does not care about his 
server, there are even more problems than this one. But if we want to 
have an open network, this is something we have to learn to deal with 
without trying to be the "net police".


Tot kijk
     Matthias



More information about the Standards mailing list