On 29 August 2014 11:45, Marco Cirillo <mara...@lightwitch.org> wrote:
> The main challenge, at least here, regards communicating with "silos"
> like Google/Google Apps domains and webex hosted domains (cisco.com etc).
> And since my users demanded that with high voice irregardless of security I
> had in the end to (add code to) allow exceptions to grant s2s communication
> with those services.
>

That's an excellent point, actually, and one I hadn't addressed in this note - some implementations have had to gain new features in order to handle the security landscape changing. I know Prosody, too, has developed a mechanism for whitelisting domains, so deployments can relax requirements for Google et al.

> Marco.
>
> On 29/08/2014 10:54, Dave Cridland wrote:
>
> Folks,
>
> I really need your help.
>
> I've been asked to give a talk next Wednesday to the Internet
> Architecture Board - the senior panel of the IETF - about the changes we
> made to encryption on the XMPP network.
>
> When I say "I've been asked", I quite clearly mean "They asked lots of
> more sensible people first but they all said no" - and I'm very much aware
> I'm acting as a mouthpiece for the community here.
>
> Thijs Alkemade, who maintains the awesome xmpppoke software that powers
> the IM Observatory on xmpp.net, has given me bucket-loads of beautifully
> graphed data, so I've got the "hard" facts I need to build a story out of.
> But hard facts only take us some of the way.
>
> I'm interested in highlighting why operators chose to enable encryption,
> make it mandatory, and other security choices. Stories of the challenges
> you guys faced, and what compromises you felt forced to make, and so on are
> also going to be very interesting to the audience. Human factors in your
> choices are just as interesting as technical ones - a lot of what we do is
> around people communicating, so impact to that fundamental ability is of
> course important. Facts and figures are welcome if you have them, anecdotes
> are good either way.
>
> The IAB is mostly interested in opportunistic encryption - self-signed
> certificates etc - but I'd like to talk about the challenges that CAs
> introduce, and discuss DNSSEC, DANE, POSH, PFS, and so on, too.
>
> In many respects, I'm hoping that this is a chance for the XMPP
> community to really influence the future strategy of security on the
> Internet - we've clearly managed a huge amount in a very short time, and
> we're substantially more advanced in many ways than other communities.
>
> I'll end this as I began - I *really* need your help, so please either
> send me a mail at d...@cridland.net or reply to this with your comments.
>
> Dave.