On 12 July 2013 22:06, Peter Saint-Andre <stpe...@stpeter.im> wrote:
> Really it's a crime that we don't have ubiquitous s2s and e2e
> encryption by now

As you may know, we thought very seriously about making the default behaviour for the next release of Prosody to require trusted and valid certificates on all s2s connections. Ultimately we decided against it, for now. But I remain optimistic that we shall do so in a future version (perhaps after making a POSH verification module available).

> but I suppose in fairness to us these are hard
> problems...

Name another protocol as widespread as XMPP that has solved them so far...? :)

At least I think we're on the right track, but with things like this I think it takes baby-steps. We have come a long way, many clients and servers require encryption on c2s now which simply wasn't true a few years ago.

Regards,
Matthew

PS. Anecdotal, but currently on my server:

40 "secure" incoming s2s connections (trusted+valid certificate)
37 encrypted with invalid/self-signed certificates
10 not encrypted at all

3 of the unencrypted connections are from the personal servers of prominent members of the XMPP community (you [hopefully] know who you are). A further 2 are domains I'm responsible for (and a server upgrade is already scheduled to fix them), the remaining ones are gmail.com and Google-hosted domains.