[Standards-JIG] Was: JEP-0165. Now: selective s2s depending on version?
m at tthias.net
Thu Nov 17 23:20:45 UTC 2005
Andreas van Cranenburgh wrote:
>- Maybe rather an informative JEP to explain the practice to jabber
> admins? I should follow-up if ejabberd ACLs are up to this idea,
> and I welcome follow-ups regarding any other implementations (which I
> don't know well or at all).
It's implemented in jabberd14 for about two weeks to configure s2s to
require XMPP version 1.0, TLS encryption, or SASL EXTERNAL authentication.
But I do not think that we are ready to require XMPP 1.0 links on the
Jabber network yet.
>E.g. personally I'd like said policy, so that I can block servers that
>are known not to stringprep (sp?) properly. Security comes before
>interoperability for me, though within reason. Also, naturally I'd block
>any jabberd below 1.4.3 . . . The list goes on, AFAIK :)
Just for the record: jabberd 1.4.3 does not support stringprep. You
have to use at least jabberd 1.4.4 to have stringprep support ...
>Also, this "enforcing" or "selective s2s" would be an extra urge to
>server developers to finally fix their code! stringprep is trivial (i.e.
>code is readily available), as far as I can tell :) And don't get me
>started on TLS over s2s, of course, XMPP-1.0 was published how long ago?
Well I thought all (maintained) servers support stringprep and STARTTLS
already. It's just the admins that don't upgrade, or still install old
versions of the software.
But I am no friend of this type of suggestion to force people to
upgrade to newer versions. It would just break the network and nobody
would still know which other person he still can contact. We would just
partition the network into clouds that are not fully interconnected. Our
goal is to have free IM services, services that can interoperate ... not
to copy AIM, MSN, Yahoo which do not allow their users to message with
users of other servers.
Sure there is a problem if an administrator does not care about
security problems, but if the administrator does not care about his
server, there are even more problems than this one. But if we want to
have an open network, this is something we have to learn to deal with
without trying to be the "net police".