-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/29/13 11:43 AM, Philipp Hancke wrote: > Am 29.10.2013 18:40, schrieb Jesse Thompson: >> On 10/28/2013 2:52 PM, Peter Saint-Andre wrote: >>> On 10/28/13 1:41 PM, Jesse Thompson wrote: >>>> Are there more details? Specifically, does "hop-by-hop >>>> encryption using SSL/TLS" require strong association between >>>> a domain name and an XML stream as described in >>>> draft-ietf-xmpp-dna-04? >>> >>> We, as a community, need to figure out what we can do. >>> >>> Realistically, I think we need to prefer authenticated >>> encryption via PKI, POSH, or DNSSEC/DANE and fall back to >>> opportunistic encryption via TLS + dialback. >> >> So, the presumption is that servers which aren't capable of at >> least TLS+dialback will be cut off? > > Yes. That means gtalk and google apps. But google made the first > move in breaking that.
Well, it is *possible* that the Talk team will decide to put some investment into server-to-server security and thus join the encrypted XMPP network (mostly likely requiring support for POSH or DNSSEC). Naturally we'd all welcome that, but IMHO we need to move forward even without Google Talk and their hosted XMPP services on board. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSb/Z5AAoJEOoGpJErxa2p5Z0P/0+7YUlYiXkXmNrFXCR2fTro GTpJy60jFgLgst0dSNf+dPsW1ynUnIyzUu3h1Ibn2IwOz6J11lHwLNQd6SXtAqoH 1Magd4w/7qP313aXYsRo/rEyqZsCmLfxdr21DJXHb19YELQIGEcX4xpVUKiUoXXA CFPDgqaoc0ZWMy04m+YJocZnxuRt+OfujacLBLSYx/kF8H+89hPa+UCQSKfSgjCt sB6B7aHtMSDw+RCf94mjdOgpzLlu6TYgMjJ2j5xSyXFM9/4Zb1LK2YjEIjdUbteD zdZnKMdMVAQA+X1l921JgO7ggbuockswO8ZcBNgvyOUDwww5HOgrfR3P5XWGimcm Q9q7TcMMxTwUw9qn36d7DBMDgO5hxLLkSvq20CHFtwUJWQODGYQAvVoG0gGOM9Z4 imuqCTkQt/863eG89ArAXW5wmndvXRw3Mrf6qQZGy+7VRICzcwUQxfVjgWRFNbx2 1AgN7s4iJOz50Kj8UpiIlNQpshNKBfKmkiIWoZHTqHoR7NCXE0NtKXOfwp7kiB7N geoJ16OalI6VCVP48vWssBbTmdji7LKa2GapUHx5rKic94FJHHici667z7M9SHzz 7LInC10lhjZ/zISf90k0lymOEZq9JtmZiQVGaT3n/X8DKFJnllL+dMGt4CJp9IJz JOO9SWz49vKTGOSd1ZF/ =yyE3 -----END PGP SIGNATURE-----
