On 19 July 2016 at 17:36, Marvin Gülker wrote:
> Am Tue, 19 Jul 2016 16:15:40 +0200
> schrieb Florian Schmaus :
> > Isn't one problem that a cert with CN "example.org" will be valid for
> > all services found on example.org (simply speaking), whereas when
> > using SRV-ID restricts the cert to a
On Tue, Jul 19, 2016 at 06:36:01PM +0200, Marvin G??lker wrote:
> I have always wondered about which domains should actually be included
> into a TLS certificate for use in XMPP services once an SRV record is
> in place. Do I need a certificate which covers xmpp.example.com? Or
> does one for examp
Am Tue, 19 Jul 2016 16:15:40 +0200
schrieb Florian Schmaus :
> Isn't one problem that a cert with CN "example.org" will be valid for
> all services found on example.org (simply speaking), whereas when
> using SRV-ID restricts the cert to a particular service?
I have always wondered about which dom
On 19.07.2016 16:06, Sam Whited wrote:
> On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson wrote:
>> I wonder if people really care about this usage any more -- it does not
>> scale well (all domains have to be encoded in the same cert => big
>> certs) and introduces an indirection which often leav
I think the very question is: it's possible to use srv and let's encrypted
certificate? and if yes how with prosody?
2016-07-19 16:06 GMT+02:00 Sam Whited :
> On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson
> wrote:
> > I wonder if people really care about this usage any more -- it does not
> >
On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson wrote:
> I wonder if people really care about this usage any more -- it does not
> scale well (all domains have to be encoded in the same cert => big
> certs) and introduces an indirection which often leaves room for
> attackers
I don't understand
Martin Vietz writes:
> Hi Tomasz,
>
> On 10.07.2016 23:30, Tomasz Sterna wrote:
>> I am already using letsencrypt for https, but I wasn't sure it would
>> work with XMPP.
>
> You can also secure all other services using ssl/tls with x509, e.g.
> SMTP, IMAP, FTP over SSL, Mumble
Let's Encrypt doe