On Jul 12, 2013, at 2:21 PM, Kevin Smith <[email protected]> wrote:
> On Fri, Jul 12, 2013 at 9:16 PM, Peter Saint-Andre <[email protected]> wrote: >> In general, XMPP server >> implementations don't perform proper (RFC 6125 / RFC 6120) certificate >> checking and don't have an option to refuse connections from domains >> that lack proper certificates. > > I thought we found in our S2S TLS interop tests a couple of years ago > that servers generally /did/ have the options for doing secure S2S > (with one or two exceptions), it's just that they don't get enabled in > typical deployments. > > There is certainly a problem here, but it doesn't seem to me it's that > code hasn't been written. > The implementation most likely can handle it, the deployments might not be as successful. This is especially for true for multi-tenant servers, where getting RFC 6125 certificates can be nigh on impossible. - m&m Matthew A. Miller < http://goo.gl/LK55L >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
