-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 8/28/13 10:28 AM, Matthew Wild wrote: > On 28 August 2013 17:14, Simon Tennant <[email protected]> > wrote: >> I'm attempting to gather the details in one place on how to >> secure XMPP servers C2S and S2S traffic: >> >> http://wiki.xmpp.org/web/Securing_XMPP > > Only feedback so far: you might want to clarify the "single > domain"/"multiple domain" thing - DANE is not a requirement for > securely hosting multiple domains on a single server. I think that > might confuse people.
It's a wiki. Feel free to edit. I plan to. :-) But yes, you don't need DNSSEC to handle multiple domains. In fact if you host just a few domains you could potentially get proper certs for all of them. It's when you host a lot of domains that you need some other solution. DANE/DNSSEC is great for that, or will be when it is more generally available, but IMHO we might need to wait *years* for that to happen. Thus the work we've been doing on POSH as an interim solution: http://datatracker.ietf.org/doc/draft-miller-posh/ See also the domain name associations spec: http://datatracker.ietf.org/doc/draft-ietf-xmpp-dna/ Matt Miller and I plan to update both of those by the end of next week. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSHiZRAAoJEOoGpJErxa2pK5UP+QG+VxXvRVAVTWyBwlQ3vTXw Ulp2N4i2HBOiN0zuAfoy1SfjXaOxkpg7mWD7IQaPzUvZx/5Cup2HJ6k1D3B5I5SJ 7l+pXRdZXBtu5+SCa4USm9bC4rJyXVvPdIS82itcaSUEgGPOrPBusffTEQIGfw/n vHRixNtLIM50C3WV1sLYkY6wMGA1BdEP4qbjmaXF0A7viy9cSMFc5lVIBKlOAeEb 7lD2m9jhU/e1rFtiGISmGGawk9hpjMUfehcI8WmvrUvIt6b6WgC8XZRePXB7S56k z7mL/4CKr++Fe0VCKf97LMWuQPVSKd4O0XzmRqErh8X71xZpTDlCeeKv3b7BuyE8 d9wNVwt7GWznrI3R2SgXNYGyOz/kubtsuihDp0tBsE2Tk58kb+MwikpPgDjahTkp fGeM+IbBsOrgvYRI12utvBDKEIpmzYsjAphOuvug0GCtXrvGd2Qvfx+oiXM8keLp V5FD81tkyIaahKuqWT6RfOkcbVX5QqzxLoZ4gB7GbyL1L+2lDDam2+glcud/vs96 3fQdeJOCpXjMVgtxqQc0OPoKYvfvHUz3I8cLyfDwQVGNHTaGIndYuuVHO+Q15RFw 2xMXnP7s2FE+VDf6OmxBr78daScB0if6Jc9jJeXwa7yfwjxfFVK6vzjS9s4BDlUA K7qoLp1c/SWWVZryUYkk =l5mH -----END PGP SIGNATURE----- _______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
