[Summit] topics

Peter Saint-Andre stpeter at stpeter.im
Tue Oct 8 12:43:37 UTC 2013


On 10/8/13 6:10 AM, Simon Tennant wrote:
>     1. Security -- ubiquitous TLS for the network, stronger cipher suites,
>     no more SSLv2 or SSLv3, etc. -- basically, all the stuff covered in
>     https://datatracker.ietf.org/doc/draft-saintandre-xmpp-tls/ (and more)
>     except we need to figure out how to make it a reality.
> 
> 
> What do you think about us using the summit time to agree on a set of
> dates for implementation. This could include something like the IPv6
> days - soft-enable for a day, fix, hard enable for a day, see what
> breaks. Rinse, repeat.
> 
> I'm thinking that having a timetable/deadlines will help us stay focused
> on this.

In general, yes!

We need to figure out what's needed to make this happen.

I see at least several parts:

* outreach to developers so that all the major clients, servers, and
libraries have support for things like strong ciphersuites, modern TLS
versions, and forward secrecy (with, I think, POSH / DANE at least under
development)

* education for operators so they understand how to configure their servers

* a communication plan to answer the inevitable questions

* a strategy for (lack of) interop with Google Talk

Etc.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/




More information about the Summit mailing list