On 7/12/13 2:30 PM, Matt Miller wrote:
>
> On Jul 12, 2013, at 2:21 PM, Kevin Smith <ke...@kismith.co.uk>
> wrote:
>
>> On Fri, Jul 12, 2013 at 9:16 PM, Peter Saint-Andre
>> <stpe...@stpeter.im> wrote:
>>> In general, XMPP server implementations don't perform proper
>>> (RFC 6125 / RFC 6120) certificate checking and don't have an
>>> option to refuse connections from domains that lack proper
>>> certificates.
>>
>> I thought we found in our S2S TLS interop tests a couple of years
>> ago that servers generally /did/ have the options for doing
>> secure S2S (with one or two exceptions), it's just that they
>> don't get enabled in typical deployments.
>>
>> There is certainly a problem here, but it doesn't seem to me it's
>> that code hasn't been written.
>>
>
> The implementation most likely can handle it, the deployments might
> not be as successful. This is especially true for multi-tenant
> servers, where getting RFC 6125 certificates can be nigh on
> impossible.

Thus POSH. :-)

http://datatracker.ietf.org/doc/draft-miller-posh/

Really it's a crime that we don't have ubiquitous s2s and e2e
encryption by now, but I suppose in fairness to us these are hard
problems...

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev