On 11/19/13 9:21 AM, Ralf Skyper Kaiser wrote:
>
> On Tue, Nov 19, 2013 at 2:12 PM, Ashley Ward
> <[email protected] <mailto:[email protected]>>
> wrote:
>
> On 19 Nov 2013, at 12:30, Ralf Skyper Kaiser <[email protected]
> <mailto:[email protected]>> wrote:
>> Pinning does not require any protocol change in its simplest
>> form.
> It can be done with just minor changes on the client side.
>
> Agreed - in its simplest form you could use it on the c2s
> connection to ensure the server's certificate hasn't unexpectedly
> changed and there's nothing to stop xmpp clients implementing it.
>
>
> It would be nice to have this as an optional item in the manifesto
> (either Pinning-light or full pinning) so that it is on the
> roadmap.
>
>
> But this is only a small part of it. XMPP is federated, so how
> does a user ensure that the ongoing s2s connection isn't
> compromised?
>
>
> I agree. But just because we do not have a solution for every
> security problem shall we not stop developing a solution for any
> security problem.
>
> [...]
>
> I think we also need to be careful not to downplay DNSSEC and DANE
> too. They are infinitely better than most of what's happening
> today, so saying things like "DANE does not cut it" could be
> disingenuous and may deter people from implementing anything
> because it's not 'perfect'.
>
>
> I agree. DANE is an important step in the right direction.

And progress is being made (with many thanks to Thijs for the code
running at the IM Observatory!):

http://xmpp.net/reports.php#dnssecsrv

BTW, I have not read this thread because I am ultra-busy with work at
my day job. I hope to catch up later this week.

Peter

--
Peter Saint-Andre
https://stpeter.im/

_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: [email protected]
_______________________________________________
