-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/05/2014 03:41 PM, Marco Cirillo wrote: > Il 05/01/2014 20:13, Mike Taylor ha scritto: So a lot of us flipped > the "encryption required" flag for our Server-to-Server connections > yesterday, how did it go? For my self it went very well, but I also > tend to only communicate to other XMPP folks :) > > I would love to hear from operators and normal users about any > results or issues that were seen or heard about. > > Thanks! > > It singled out a lot of big services here: > > - cisco.com and all webex jabber hosted services
We'll need POSH to include those for authenticated encryption. I'll check into these further. > - google talk and all google apps xmpp hosted domains (and it's > more then you think...) As mentioned, those are supposed to support unauthenticated encryption (TLS + Dialback) before May 19th. > - All servers which run Openfire even if they support TLS, they > seem to trample on authentication steps when they open a stream to > a server which presents both SASL and DB It would be good to know more about what's happening here so that we can ping Guus about it. > - All servers which (seemingly) are pre-1.0 (even those who don't > properly tag their strean headers) Hopefully there aren't *too* many of those around anymore, since 1.0 was defined in 2004. > And beside this had some not so nice encounters with very buggy > jabberd2 servers which started to loop attempting to re-establish a > connection (very fast beside) when the server closed down their > streams. I'll post to the jabberd2 list about that. Do we know what version of jabberd2 was involved? Other scenarios I'm curious about: - - domains hosted at GMX, DreamHost, Flosoft, i-pobox.net, etc. - - Office365 deployments - - Lotus SameTime deployments Peter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSyiPrAAoJEOoGpJErxa2pcS4P/0YAErRzf58uMG3nz124zkni /sK4cObIGRvVhuCCKTizXECFowqGeuaxmZl3sEYEj0bmEm1X8x0GPKBr1I+cfKxW dioBJvyvERAi4re8hOFtuIwVX1U+CpAK1tspSNzWc1dn+kxF6VC0U2/WPBx0tKVs IlCf+CgArINVoBbEqx/676vn5czIBMtUj2qh5f66DSiI1RqOkzbOQ1GWmE0qBkh3 LFTaQE6AMpX6yyix6GOUJY0yPyGTMeQqqAycCQZK2E/aA54ans59e7Inu9iIMOtr 1VQVFNhWy+dYCt+ODud4qS2HM0NErKUHlozib084boIm5rKIHVI2/RHsauDzJBft WCiAyKDp0t7SMShH3FmC5Lxid3CXhhvleYCD9yEctDfhZLyX9AqjNdXlKxDAa6cA HDowYuRXFZNKgJARETVi7/a50tN7fPV6IbYuJgj6NPgsALHAJZF16vvE+HnP17qM WRuNfndzXWMhQK6t5CQu0atsfhchdmcWc24V9bz//Dlklqzeh/UDjL2MjIOsofKs S2hy48cqs6I26gm/GmWl3RDb4RlfNUJkrB7J60h6x2EbP/zZ1JJZEqiEH/xkX0gD qLqFJuxbXR3OoMFPb5H2b1srq1y/SslRZEPcctp38YTIOA8ZhJYaChGmO/yd/g1W FzRyo9v3eRVE/ygU3i5i =VGb2 -----END PGP SIGNATURE-----