On 29.10.2013 18:40, Jesse Thompson wrote:
> On 10/28/2013 2:52 PM, Peter Saint-Andre wrote:
>> On 10/28/13 1:41 PM, Jesse Thompson wrote:
>>> Are there more details? Specifically, does "hop-by-hop encryption
>>> using SSL/TLS" require strong association between a domain name and
>>> an XML stream as described in draft-ietf-xmpp-dna-04?
>> We, as a community, need to figure out what we can do.
>> Realistically, I think we need to prefer authenticated encryption via
>> PKI, POSH, or DNSSEC/DANE and fall back to opportunistic encryption
>> via TLS + dialback.
> So, the presumption is that servers which aren't capable of at least
> TLS+dialback will be cut off?
Yes. That means gtalk and Google Apps. But Google made the first move in
breaking that.