Re: [Operators] Announce: Jabber Spam Fighting Manifesto (for public servers)

2018-02-08 Thread Dave Cridland
ut nevertheless this still reads to me as if the signatories are asserting they're following a specific set of anti-spam related configurations and also blocking server connections from (spammy) Public Servers, if they do not follow the same set. I don't think, reading your response, you inte

Re: [Operators] Announce: Jabber Spam Fighting Manifesto (for public servers)

2018-02-08 Thread Dave Cridland
On 8 February 2018 at 08:31, Georg Lukas wrote: > If you run a public server and are committed to fighting outbound and > inbound spam, please review the text and let me know if you would agree > to sign it. Please do not sign it *yet*, in case there is feedback > requiring changes to the text. Pl

Re: [Operators] XMPP server recommendations

2017-11-20 Thread Dave Cridland
On 20 November 2017 at 08:26, Kristian Rink wrote: > Folks; > > we're currently running an internal XMPP service based upon openfire which > works well but has a few drawbacks that don't seem to be addressable with > this implementation. > What are the drawbacks you've found? I'd like to address t

Re: [Operators] xmpp is dead

2017-05-06 Thread Dave Cridland
+1. Also, bet on the one that can adapt stably. Matrix has already suffered interop breaks and forklift upgrades, XMPP is much better in that regard. One could even see it as the upside of the fragmentation that Matrix complains of. On 6 May 2017 08:54, "David Banes" wrote: > My annual chip in :

Re: [Operators] spam

2016-11-19 Thread Dave Cridland
On 19 November 2016 at 12:52, David Banes wrote: > How about following the very large email providers lead and do something like > this; > > https://en.wikipedia.org/wiki/DMARC > https://dmarc.org/2016/02/how-can-i-tell-who-is-using-dmarc/ As others point out, DMARC is about address spoofing, and

Re: [Operators] Spam Problem And Its Simple Solution

2016-11-19 Thread Dave Cridland
On 19 November 2016 at 13:27, Krzysztof Grochocki wrote: > Hello. > > Over the past year I received spam messages only in the Russian language or in > Russian and English together. I think we can block such messages > like it is in one of the Polish IMs - just block incoming/outgoing messages where

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-20 Thread Dave Cridland
On 20 July 2016 at 10:15, Dave Cridland wrote: > > > On 20 July 2016 at 10:07, Simon Josefsson wrote: > >> Sam Whited writes: >> >> > On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson >> wrote: >> >> I wonder if people really care about this

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-20 Thread Dave Cridland
On 20 July 2016 at 10:07, Simon Josefsson wrote: > Sam Whited writes: > > > On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson > wrote: > >> I wonder if people really care about this usage any more -- it does not > >> scale well (all domains have to be encoded in the same cert => big > >> certs)

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-20 Thread Dave Cridland
On 20 July 2016 at 08:58, Florian Schmaus wrote: > For the near future, I hope that certificates using only srvNames will > become more common. But if you want to stay super "compatible" with all > sorts of XMPP software out there, then you probably want to put your > XMPP domain in the CN too. W

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-19 Thread Dave Cridland
On 19 July 2016 at 17:36, Marvin Gülker wrote: > On Tue, 19 Jul 2016 16:15:40 +0200, > Florian Schmaus wrote: > > Isn't one problem that a cert with CN "example.org" will be valid for > > all services found on example.org (simply speaking), whereas when > > using SRV-ID restricts the cert to a

Re: [Operators] addressing the spam problem

2016-01-13 Thread Dave Cridland
On 13 January 2016 at 02:23, Kim Alvefur wrote: > On 01/12/2016 06:55 PM, Peter Saint-Andre wrote: > > Over the years we have discussed a number of potential methods for > > mitigating (I do not say solving) the spam problem. For example: > > > > http://xmpp.org/extensions/xep-0159.html > > http:

Re: [Operators] Diffie-Hellman: 2k or 4k keys?

2015-11-26 Thread Dave Cridland
On 24 Nov 2015 11:09 pm, "Arsimael Inshan" wrote: > > Hi there. > > When I created the DH Keys on my server, I generated 2k and 4k keys. I was told the 4k keys shouldn't be used (yet) because of incompatibilities and they wouldn't increase the security this much, but generate way more problems.

Re: [Operators] debian.org XMPP - using DANE / TLSA?

2015-10-28 Thread Dave Cridland
On 28 October 2015 at 21:32, Daniel Pocock wrote: > > > We are just reviewing the final configuration before announcing > debian.org XMPP > > That's great news. > Can anybody comment on DANE / TLSA? Should we only talk to servers > supporting this? > > Last time I looked, only around 10% of se

Re: [Operators] XMPP federation over Tor : supported by Prosody, join us !

2015-10-16 Thread Dave Cridland
On 15 October 2015 at 21:07, Finn Herzfeld wrote: > That's pretty cool, but this whole mapping thing seems broken. Would > there be a way for a server to probe another server over the clearnet > for an onion address, then it can cache that and build it's own list? I > don't know a ton about the a

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-10-05 Thread Dave Cridland
On 5 October 2015 at 14:22, Matthew Wild wrote: > This is technically achievable using security labels > (http://xmpp.org/extensions/xep-0258.html ), though it hasn't really > been deployed that way on the public network, and not many clients > support it (though Swift and Gajim both do, and they

Re: [Operators] SSL trust in XMPP world

2015-09-03 Thread Dave Cridland
Notaries are CAs, except that a CA validation might potentially be something beyond TOFU, and the assertion lifetime is well-defined. On the other hand, the CA is picked by the service. There's a number of approaches to identity validation given an X.509 certificate chain. Not all of them are vali

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-21 Thread Dave Cridland
On 21 July 2015 at 08:44, David Banes wrote: > On 20 Jul 2015, at 23:19, Jonathan Schleifer < > js-xmpp-operat...@webkeks.org> wrote: > > > On 21.07.2015 at 00:10, David Banes wrote: > > > >> On 20 Jul 2015, at 23:07, Peter Kieser wrote: > >> > >>> On 2015-07-10 2:47 AM, Mathias Ertl wrote: >

Re: [Operators] Public XMPP service: jabberzac.org

2015-03-11 Thread Dave Cridland
On 11 March 2015 at 09:43, Mathias Ertl wrote: > back. The XSF has been very sporadic in operators support, the list was > never (at least: not since 2007 or so) really maintained. Sadly, they > were very reluctant to ever ask for support, and *always* simply ignored > any offer for support, even

[Operators] Fwd: Openfire 3.10.0 Beta release

2015-01-21 Thread Dave Cridland
As sent to the jdev list: -- Forwarded message -- From: Dave Cridland Date: 21 January 2015 at 16:59 Subject: Openfire 3.10.0 Beta release To: Jabber/XMPP software development list Hey everyone, Since I took on the role of Openfire project lead, the Openfire developers have

Re: [Operators] Suspicion of Jabbim services being hacked

2014-12-19 Thread Dave Cridland
On 19 December 2014 at 22:55, Dave Cridland wrote: > > > On 19 Dec 2014 22:12, "Waqas Hussain" wrote: > > > > On Fri, Dec 19, 2014 at 3:18 PM, Kevin Smith > wrote: > >> > >> On 19 Dec 2014, at 19:36, Mathieu Pasquet > wrote: > >>

Re: [Operators] Suspicion of Jabbim services being hacked

2014-12-19 Thread Dave Cridland
On 19 Dec 2014 22:12, "Waqas Hussain" wrote: > > On Fri, Dec 19, 2014 at 3:18 PM, Kevin Smith wrote: >> >> On 19 Dec 2014, at 19:36, Mathieu Pasquet wrote: >> > >> > On Fri, Dec 19, 2014 at 06:48:44PM +0000, Dave Cridland wrote: >> >>

Re: [Operators] Suspicion of Jabbim services being hacked

2014-12-19 Thread Dave Cridland
On 19 December 2014 at 20:18, Kevin Smith wrote: > > On 19 Dec 2014, at 19:36, Mathieu Pasquet wrote: > > > > On Fri, Dec 19, 2014 at 06:48:44PM +0000, Dave Cridland wrote: > >> On 19 Dec 2014 18:32, "Sam Whited" wrote: > >>> On 12/19

Re: [Operators] Suspicion of Jabbim services being hacked

2014-12-19 Thread Dave Cridland
It feels like we should do something like the encryption push, but for non-plaintext passwords. On 19 Dec 2014 18:32, "Sam Whited" wrote: > Another great example of why you should ditch DIGEST-MD5 and store your > passwords as SCRAM bits. > > —Sam > > On 12/19/2014 09:24 AM, Peter Viskup wrote: >

Re: [Operators] public XMPP service

2014-10-30 Thread Dave Cridland
Erm, this one appears to be in error: On 30 October 2014 05:46, ayoub ayad wrote: > Hello! > > Please add my public XMPP service to the list at xmpp.net. The > information is as follows: > domain: [jsoor.tk] There are no SRV records for this domain, nor A records. (Bizarrely, it does have an A

Re: [Operators] XMPP Security Talk to IAB

2014-09-01 Thread Dave Cridland
On 1 September 2014 12:19, Evgeny Khramtsov wrote: > Mon, 1 Sep 2014 11:52:22 +0100 > Dave Cridland wrote: > > > On 31 August 2014 22:28, Evgeny Khramtsov wrote: > > > > > Sun, 31 Aug 2014 22:35:07 +0200 > > > Jonas Wielicki wrote: > > > > &g

Re: [Operators] XMPP Security Talk to IAB

2014-09-01 Thread Dave Cridland
On 31 August 2014 22:28, Evgeny Khramtsov wrote: > Sun, 31 Aug 2014 22:35:07 +0200 > Jonas Wielicki wrote: > > > > I left the c2s-encryption-required switch in place (there would have been > > out-of-band measures to reach me if that had been a problem) > > A year ago I did some experiment on a

Re: [Operators] XMPP Security Talk to IAB

2014-08-29 Thread Dave Cridland
ing. I know Prosody, too, has developed a mechanism for whitelisting domains, so deployments can relax requirements for Google et al. > Marco. > > On 29/08/2014 10:54, Dave Cridland wrote: > > Folks, > > I really need your help. > > I've been asked to giv

[Operators] XMPP Security Talk to IAB

2014-08-29 Thread Dave Cridland
Folks, I really need your help. I've been asked to give a talk next Wednesday to the Internet Architecture Board - the senior panel of the IETF - about the changes we made to encryption on the XMPP network. When I say "I've been asked", I quite clearly mean "They asked lots of more sensible peop

Re: [Operators] Google status?

2014-08-12 Thread Dave Cridland
On 12 August 2014 12:22, Daniel Pocock wrote: > Can anybody comment on the current status of interop between Google > (gmail.com) users and the rest of the world? > The only people who can definitively comment are Google. Personally, I have a Prosody server and various clients like Jitsi and I

Re: [Operators] ECDSA certs score F

2014-08-06 Thread Dave Cridland
Without an RSA cert at all, can a remote server with only RSA negotiate TLS? On 5 August 2014 19:30, shm...@riseup.net wrote: > ? > > shm...@riseup.net wrote: > > > > hi, > > > > i was testing an xmpp server and i believe its wrong to reduce the > > score because of the cert which is reported <

[Operators] Openfire (for operators)

2014-06-02 Thread Dave Cridland
Folks, I know quite a few of you are running Openfire - you may well have noticed, but development has been ramping up again for some time. In light of this, I've volunteered to act as Project Lead. While there's certainly plenty of work left to be done, I'm keen to get a sense of the most serious

Re: [Operators] dot xmpp

2014-02-05 Thread Dave Cridland
Taking this suggestion seriously for a moment: If there's genuine interest, the XSF (or some other body) could do this. It would mean a TLD that we controlled, allowing us to provide, and perhaps even enforce, DNSSEC and things. But it would also have significant operating costs beyond the initial

Re: [Operators] Prosody vs. spammers - security measures?

2014-02-04 Thread Dave Cridland
On 4 Feb 2014 18:27, "Evgeny Khramtsov" wrote: > > Tue, 04 Feb 2014 09:59:37 -0700 > michael p wrote: > > > I'm all for privacy, but I realize I need to trade some in order to > > use other people's free as in beer services. If people expect free > > services to also allow anonymous registration

Re: [Operators] Prosody vs. spammers - security measures?

2014-02-04 Thread Dave Cridland
On Tue, Feb 4, 2014 at 5:28 PM, Alexander Holler wrote: > On 04.02.2014 17:59, michael p wrote: > > Wait, why do the phone numbers need to be stored/logged? Can't a >> completely separate system be used to send an audio message or text to a >> number, then once the correct verification code is

Re: [Operators] XMPP bashing

2014-02-03 Thread Dave Cridland
On 3 Feb 2014 16:44, "Andreas Kuckartz" wrote: > > Claudiu Curcă: > > 1. Why is that comment classified as "XMPP bashing"? > > As far as I know Daniel is mostly an SIP guy and is trying to _help_ the > XMPP community by pointing to that comment. But I also do not think that > the comment is "bashi

Re: [Operators] XMPP forwarding and redirect?

2014-01-23 Thread Dave Cridland
On Thu, Jan 23, 2014 at 10:55 AM, Cesar Alcalde wrote: > Well, actually you could setup DNS SRV records pointing to a third party > server (like the MX record for mail). > > So you can have a server example.org with a web server, a ftp server... > And xmpp accounts @example.org although the actua

Re: [Operators] XMPP forwarding and redirect?

2014-01-23 Thread Dave Cridland
This is possibly a better conversation to have on jdev@ or standards@ On Thu, Jan 23, 2014 at 10:27 AM, Daniel Pocock wrote: > > For example, many free software projects (Debian, Fedora) offer their > developers mail forwarding (poc...@debian.org->dan...@pocock.com.au) > without having any mailbox

Re: [Operators] debian.org SIP and XMPP

2014-01-19 Thread Dave Cridland
On Sun, Jan 19, 2014 at 8:43 AM, Daniel Pocock wrote: > As mentioned in the other email, FOSDEM is coming up, maybe that will be > an opportunity to discuss in person? (Please don't let my .au domain > deceive you, I'm based in central Europe) > Sadly, I don't think Matt is joining us this tim

Re: [Operators] debian.org SIP and XMPP

2014-01-18 Thread Dave Cridland
On Sat, Jan 18, 2014 at 10:37 PM, Matthew Wild wrote: > Hi Daniel, > > On 18 January 2014 21:50, Daniel Pocock wrote: > > > > Hi all, > > > > We have just enabled federated SIP for debian.org. It is very basic, > > just a SIP proxy and TURN server. People can register and make calls to > > eac

Re: [Operators] Removing SSLv3 from ejabberd 2.1.x and 13.x

2014-01-07 Thread Dave Cridland
On Tue, Jan 7, 2014 at 2:43 AM, Peter Saint-Andre wrote: > And do please note that several weeks ago I updated both the manifesto > and draft-saintandre-xmpp-tls to no longer say that software MUST NOT > negotiate sslv3. > Hopelessly wrong mailing list, but: Might be worth clarifying that slight

Re: [Operators] Security Test Day - feedback needed!

2014-01-06 Thread Dave Cridland
On Mon, Jan 6, 2014 at 3:32 AM, Peter Saint-Andre wrote: > - - Office365 deployments > Meaning the (irritatingly named) Lync? I believe that went through quite extensive S2S/TLS/Auth interop work. Certainly it's now been put on the DISA APL (as of September), and that mandates that kind of securi

Re: [Operators] Security Test Day - feedback needed!

2014-01-05 Thread Dave Cridland
On Sun, Jan 5, 2014 at 8:21 PM, Peter Saint-Andre wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On my personal server, I too plan to keep the encryption-required > setting in place. > > I'm turning it off again, for S2S. C2S I had enabled anyway, but seeing as it's just me, that's n

Re: [Operators] Chatme.im to prosody

2014-01-05 Thread Dave Cridland
On Sun, Jan 5, 2014 at 7:52 PM, Waqas Hussain wrote: > > Prosody was the first server to allow multiple resources behind a > single nick (AFAIK, I implemented it in Prosody). I think the ejabberd > folks were looking into implementing that, but not sure what their > progress is. > > Yes, you beat

Re: [Operators] Chatme.im to prosody

2014-01-04 Thread Dave Cridland
On Sat, Jan 4, 2014 at 9:12 PM, Peter Saint-Andre wrote: > Speaking of .im, perhaps we could make a list of all the .im domains > offering XMPP services and send a joint appeal to the .im TLD folks to > add DNSSEC support? > I've tried something unofficial, and haven't had a response (aside from

Re: [Operators] Security Test Day reminder - 4 Jan 2014

2014-01-04 Thread Dave Cridland
Something to note; chatting with Jesse Thompson, we found that the errors we were getting back simply didn't match the likely cases. I saw DNS errors, he saw similar. I've not isolated the actual fault yet. On Sat, Jan 4, 2014 at 2:25 PM, Valérian Saliou < valer...@valeriansaliou.name> wrote: >

Re: [Operators] Security Test Day reminder - 4 Jan 2014

2014-01-03 Thread Dave Cridland
I just switched my switch - requiring encryption everywhere for the next day or so. On Fri, Jan 3, 2014 at 8:56 PM, Mike Taylor wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Just a friendly note that the Security Test Day is tomorrow! > > I'm cross posting this notice but please

Re: [Operators] The Google issue

2013-11-22 Thread Dave Cridland
On Fri, Nov 22, 2013 at 10:14 AM, Tim Schumacher wrote: > In the past "Björn Kempén" wrote on this very list, > that he is one of the responsible for the federation stuff at Google > XMPP, btw at the beginning of this year, the TLS-issue was already a topic: > > http://mail.jabber.org/pipermail/op

Re: [Operators] The Google issue

2013-11-22 Thread Dave Cridland
On Thu, Nov 21, 2013 at 7:26 PM, Matthew Wild wrote: > With all the talk about the details of the manifesto, one thing we > seem to mostly only mention in passing is federation with Google, and > I'm curious to gauge the opinion of people on this list. > > We are going to affect a lot of users ac

Re: [Operators] DNSSEC

2013-11-20 Thread Dave Cridland
I found: http://www.internetsociety.org/deploy360/resources/dnssec-registrars/ And also: http://www.icann.org/en/news/in-focus/dnssec/deployment On Wed, Nov 20, 2013 at 2:51 PM, Peter Saint-Andre wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 11/20/13 5:19 AM, Solomon Peachy

Re: [Operators] DNSSEC

2013-11-20 Thread Dave Cridland
On Wed, Nov 20, 2013 at 9:16 AM, Matthias Wimmer wrote: > Hi Dave, > > On 2013-11-19 17:04:44, Dave Cridland wrote: > > I dropped a mail to the Domicilium people who look after .im today asking > > about DNSSEC, too. > > Probably it's what you meant. I just wan

Re: [Operators] DNSSEC

2013-11-19 Thread Dave Cridland
I dropped a mail to the Domicilium people who look after .im today asking about DNSSEC, too. On Tue, Nov 19, 2013 at 4:20 PM, Peter Saint-Andre wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > It appears that more XMPP services are getting their DNS records > signed with DNSSEC: > >

Re: [Operators] IM Observatory and Diffie-Hellman parameters

2013-11-13 Thread Dave Cridland
On Wed, Nov 13, 2013 at 10:58 PM, Thijs Alkemade wrote: > > Not the same key - just multiple keys generated using the same DH group. > That's exactly what I thought you meant and what I completely failed to type. :-/ Sorry! Dave.

Re: [Operators] IM Observatory and Diffie-Hellman parameters

2013-11-13 Thread Dave Cridland
On Wed, Nov 13, 2013 at 10:41 PM, Thijs Alkemade wrote: > > On 13 nov. 2013, at 19:21, Dave Cridland wrote: > > To decrypt all communications using 1024-bit DH over a year is likely to > be vastly bigger than for one conversation; the same isn't true for RSA, > for e

Re: [Operators] IM Observatory and Diffie-Hellman parameters

2013-11-13 Thread Dave Cridland
On Wed, Nov 13, 2013 at 9:44 PM, Fedor Brunner wrote: > For detailed description of various attack scenarios with calculations > please read > > ECRYPT II Yearly Report on Algorithms and Keysizes > (2011-2012) > http://www.ecrypt.eu.org/documents/D.SPA.20.pdf > > Good link; though I suspect the mo

Re: [Operators] IM Observatory and Diffie-Hellman parameters

2013-11-13 Thread Dave Cridland
On 13 Nov 2013 17:01, "Fedor Brunner" wrote: > There is good comparison website for key sizes recommendations: http://www.keylength.com/en/compare/ > Enter the year until when your system should be protected and see the Discrete Logarithm Group column. > Yes, that site is very nice. > The scenar

Re: [Operators] IM Observatory and Diffie-Hellman parameters

2013-11-13 Thread Dave Cridland
On Wed, Nov 13, 2013 at 3:31 PM, Fedor Brunner wrote: > For example the server jabber.ccc.de uses 2048 bit RSA public key, but > the length of the temporary key is only 1024 bit. The public key score > is 90, cipher score is 90 > http://xmpp.net/result.php?domain=jabber.ccc.de&type=server Hmmm..

Re: [Operators] No, not the hostname in CN. - Re: IM Observatory @ xmpp.net

2013-11-04 Thread Dave Cridland
On Mon, Nov 4, 2013 at 1:09 PM, Kim Alvefur wrote: > On 2013-11-04 03:01, Peter Kieser wrote: > > Shouldn't the SSL certificate CN match the hostname listed in the "IN > > SRV" record, since that's the hostname a S2S connection will open to. > > No! The domain should match a subjectAltName. Ign

Re: [Operators] Message delivery

2013-10-29 Thread Dave Cridland
On Tue, Oct 29, 2013 at 10:21 PM, Peter Saint-Andre wrote: > If the server you're using doesn't support XEP-0227 ("Portable > Import/Export Format for XMPP-IM Servers"), then I agree you might > have a problem. > > http://xmpp.org/extensions/xep-0227.html > > Kev knocked out a simple exporter, act

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Dave Cridland
On Tue, Oct 29, 2013 at 7:28 PM, Olle E. Johansson wrote: > On the topic of user-interfaces: > > - How does a a server that fails to setup a s2s session indicate the > failure back to a client? > - Does the protocol support an error message saying "certificate failure" > or "TLS not available"? >

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Dave Cridland
On Tue, Oct 29, 2013 at 6:17 PM, Jonas Wielicki < xmpp-operat...@sotecware.net> wrote: > Will there be a reminder for the action days? Because I don't trust > myself to keep an electronic reminder actually functional until Jan 4th > (yeah I know). I'm only operating a small service though (<20 use

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Dave Cridland
On Tue, Oct 29, 2013 at 5:46 PM, Peter Saint-Andre wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 10/29/13 11:40 AM, Jesse Thompson wrote: > > On 10/28/2013 2:52 PM, Peter Saint-Andre wrote: > >> On 10/28/13 1:41 PM, Jesse Thompson wrote: > >>> Are there more details? Specificall

Re: [Operators] [Members] [prosody-users] Re: [buddycloud-dev] Some thoughts on buddycloud security / enforcing SSL server to server in Prosody

2013-08-23 Thread Dave Cridland
On 23 Aug 2013 08:56, "Evgeniy Khramtsov" wrote: > > On 23.08.2013 17:43, Dave Cridland wrote: >> >> >> You're wrong, actually. But what Phil suggested here was using it for CA pinning, where the certificate is signed by a CA not in your list of trust an

Re: [Operators] [Members] [prosody-users] Re: [buddycloud-dev] Some thoughts on buddycloud security / enforcing SSL server to server in Prosody

2013-08-23 Thread Dave Cridland
On 23 Aug 2013 08:30, "Evgeniy Khramtsov" wrote: > > On 22.08.2013 09:03, Phil Pennock wrote: >> >> On 2013-08-21 at 12:52 -0600, Peter Saint-Andre wrote: >>> >>> 5. No server-to-server connections without TLS. >>> >>> 6. Require proper certificate checking (RFC 6120 / RFC 6125) for TLS >>> negoti

Re: [Operators] Some thoughts on xmpp security

2013-08-22 Thread Dave Cridland
The XSF did some interop some time back to help test TLS interop, using a custom CA. The CA software was from my previous employer, Isode. We could look into setting up servers with those certs again, I imagine, though the certs themselves would need recreating. The rest is, as you say, just a ma

Re: [Operators] Google Talk - enable or not?

2013-06-15 Thread Dave Cridland
On Sat, Jun 15, 2013 at 3:00 AM, Jesse Thompson < jesse.thomp...@doit.wisc.edu> wrote: > I'm looking for guidance. > > Aren't we all? > Now that Google is transitioning to Hangouts, they're no longer supporting > XMPP federation. > > Well. In principle. But it seems there's *some* federation, bu

Re: [Operators] spam resistance

2013-05-24 Thread Dave Cridland
On Fri, May 24, 2013 at 12:25 AM, Peter Saint-Andre wrote: > On 5/23/13 4:50 PM, Justin Uberti wrote: > > I just realized my statement could be parsed 2 different ways. To > > be clear: it is sad that spammers were more willing to adopt > > XMPP*than other IM networks were willing to*. Believe me,

Re: [Operators] Spam Registrations

2013-05-23 Thread Dave Cridland
On Thu, May 23, 2013 at 4:36 PM, Kevin Smith wrote: > There are also likely options along these lines that involve less > privacy invasion than operators manually examining the accounts. A > captcha for every subscription request? Only one outstanding (not > reciprocated) roster request at a time

Re: [Operators] spam resistance (was: Re: google abandoning XMPP??)

2013-05-23 Thread Dave Cridland
On Thu, May 23, 2013 at 12:35 AM, Justin Uberti wrote: > That seems like an overly cynical assessment of the situation. Speaking as > an individual, it is sad that spammers were more willing to adopt XMPP than > other IM networks, but so it goes. > I'm not sure sufficient information exists in o

Re: [Operators] google abandoning XMPP??

2013-05-22 Thread Dave Cridland
On Wed, May 22, 2013 at 5:32 PM, Kim Alvefur wrote: > On 2013-05-22 18:22, Hannes Tschofenig wrote: > > PS: I am wondering whether the claimed chat spam problems mentioned in > the press articles are actually true? > > It matches what was said before, search this list for "spammy invites". > > I'

Re: [Operators] google abandoning XMPP??

2013-05-21 Thread Dave Cridland
On Mon, May 20, 2013 at 10:33 PM, Kim Alvefur wrote: > Welcome back to the 90's people! > Does that mean I get to push ACAP again?

Re: [Operators] google abandoning XMPP??

2013-05-16 Thread Dave Cridland
The best information I've been given is that Google are stopping S2S entirely, and C2S will be a legacy interface to 1:1 text chat only. On the plus side, this means there's no reason not to require TLS now. Dave.

Re: [Operators] SSL certificates / private CAs / CACert issue

2013-03-22 Thread Dave Cridland
On Thu, Mar 21, 2013 at 11:57 PM, Phil Pennock < xmpp-operators+p...@spodhuis.org> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: RIPEMD160 > > On 2013-03-21 at 07:45 -0700, Peter Saint-Andre wrote: > > https://datatracker.ietf.org/doc/draft-miller-xmpp-posh-prooftype/ > > """

Re: [Operators] Update on spammy invites

2013-03-20 Thread Dave Cridland
On 20 Mar 2013 23:09, "Peter Viskup" wrote: > > On 03/20/2013 07:03 PM, Dave Cridland wrote: >> >> Peter mentioned ensuring that open registration is blocked - I think that open registration has proved itself our equivalent of open relaying in SMTP, and we need to ca

Re: [Operators] Update on spammy invites

2013-03-20 Thread Dave Cridland
On Wed, Mar 20, 2013 at 5:26 PM, Jesse Thompson < jesse.thomp...@doit.wisc.edu> wrote: > Frankly, I wouldn't be aware if a public XMPP blacklist already exists, > since our university doesn't have the problem of XMPP spam. It seems that > the spammers are only targeting certain services, such as

Re: [Operators] Spammy servers

2013-03-01 Thread Dave Cridland
On 1 Mar 2013 17:03, "Kevin Smith" wrote: > This sounds very thorough (and entirely reasonable). Is your setup for > doing this generally available so other servers could take advantage > of similar systems? I also wonder whether it'd be worthwhile restricting S2S traffic on new users initially;

Re: [Operators] Strange s2s issue regarding my server and jabber.org (M-Link issue?)

2013-02-13 Thread Dave Cridland
On 13 Feb 2013 16:38, "Marco Cirillo" wrote: > Just figured I would let you know, > > I'm experiencing very slow s2s communication establishments toward jabber.org, it doesn't seem due to latency or other congestion factors. Well, that's curious. I'd note that your certificate appears to have a

Re: [Operators] Gmail federation

2013-01-11 Thread Dave Cridland
On Fri, Jan 11, 2013 at 1:05 PM, Marco Cirillo wrote: > I just pointed out that it's like this from 2006 which is when it was > implemented, perhaps it can't be "surprising"; also stated it's rather an > inconvenience and that it's not compliant with the current RFC which > requires TLS support on s

Re: [Operators] SSL certificates / private CAs / CACert issue

2012-12-17 Thread Dave Cridland
There are four things you can do with TLS: 1) Compression. This is irrelevant here. 2) Integrity - so you know the bytes that left the peer you're talking to haven't been changed. 3) Confidentiality - so you know the bytes that left the peer you're talking to haven't been seen by anyone else. 4)

Re: [Operators] Investigation/help needed

2012-09-16 Thread Dave Cridland
If it's a JAR, it won't be human readable, but we might be able to look at the files (it's a ZIP of Java object code), and get a list of targeted servers. Then we just disable IBR on the affected servers, or block them. On Sep 16, 2012 12:33 AM, "Peter Viskup" wrote: > Dear all, > would there b

Re: [Operators] Reporting DDoS attack, the idiot responsible of the attack and the server range which the drones come from.

2012-09-04 Thread Dave Cridland
While I agree with much of what you're saying, making a public service that's not the equivalent of an open relay is hard. Google has a lot of code assigned at detecting abuse, and a lot of this works because of the scale of their operation. I think public servers are possible, but not as they are

Re: [Operators] Reporting DDoS attack, the idiot responsible of the attack and the server range which the drones come from.

2012-09-04 Thread Dave Cridland
If you have concrete suggestions for what the XSF should be doing, and/or how servers could defend themselves against spam and DDoS, I'd be interested in hearing them. My understanding is that they're both difficult problems to tackle without a lot of data processing and analysis, but that a key i

[Operators] TLS to large hosting sites

2012-04-13 Thread Dave Cridland
new" federation work we're doing in XMPP, both at the XSF and the IETF. Dave. -- Dave Cridland - mailto:d...@cridland.net - xmpp:d...@dave.cridland.net - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/ - http://dave.cridland.net/ Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

Re: [Operators] Gmail federation

2012-02-27 Thread Dave Cridland
is failing (in common cases) without you having to manually chase up each case? If there's anything we could do on a protocol/standards front to make self-diagnosis of S2S failure easier, I'd be willing to push for that. (And in my guise as M-Link guy, make sure we implement

Re: [Operators] XMPP Deployment Trends

2012-02-09 Thread Dave Cridland
PP as well. Which I'm also happy with. :-) Dave.

Re: [Operators] Strange users

2011-10-11 Thread Dave Cridland
imate, and then telling people about the conversations these people were having. On the other hand, by publishing the address, you've already breached data confidentiality laws in some jurisdictions... Dave.

Re: [Operators] Strange users

2011-10-11 Thread Dave Cridland
anything to do with it beyond a background as to when Daniel noticed. Dave.

Re: [Operators] about srv record

2011-08-16 Thread Dave Cridland
On Tue Aug 16 09:47:35 2011, Kevin Smith wrote: On Mon, Aug 15, 2011 at 8:44 AM, Dave Cridland wrote: > On Sat Aug 13 23:34:56 2011, Josemar Müller Lohn wrote: >>> Is it valid to do so: >>> _xmpp-client._tcp.alice.com. CNAME _xmpp-client.bob.com. >> >> You can

Re: [Operators] about srv record

2011-08-15 Thread Dave Cridland
t the client balance connections to the SRV targets, but say nothing about multihomed hosts. (If we're being pedantic, a single name can only have one A record, but that record may have more than one RR). Dave.

Re: [Operators] about srv record

2011-08-15 Thread Dave Cridland
cations. A CNAME merely states to restart the resolution using the new name. Specifically, the requirement that a name with a CNAME record MUST NOT have any other records (aside from certain DNSSEC ones) would appear to support that. Dave.

Re: [Operators] Suspicious user accounts ...

2011-08-10 Thread Dave Cridland
NSWER SECTION: 210.3.128.188.in-addr.arpa. 3600 IN PTR mail.settv.ru. inetnum:188.128.3.192 - 188.128.3.223 netname:ROSTELECOMNET descr: JSC Rostelecom P2P client connections Dunno if either's significant, based on a sample of one... Dave.

Re: [Operators] Jabber/XMPP being employed to cheat in games.

2011-01-21 Thread Dave Cridland
red by jabber, so that more of them do not worry PS: Ivan with love especially for lovers of DDoS ... -- I especially like the suggestion of trampling register. Dave.

Re: [Operators] Rosters flood

2010-09-08 Thread Dave Cridland
is a problem with subscriptions: you cannot block them efficiently using roster mechanism. Another problem is MUC (for obvious reasons). So we need captchas as a possible response to <presence type='subscribe'/>, do you think? Dave.

Re: [Operators] Openfire 3.6.4 (jabber.iitsp.com) vs. jabber.org

2010-07-06 Thread Dave Cridland
ators thankfully have quite a few options for serious XMPP hosting, which is good - I think - for the operator community. Us implementors actually have serious competition, and therefore incentive to push our products, for one thing. Dave.

Re: [Operators] Openfire 3.6.4 (jabber.iitsp.com) vs. jabber.org

2010-07-05 Thread Dave Cridland
. We'll suppress it for client-side (it doesn't help here), and work on a fix. Thanks for the help in tracking it down. The Openfire guys might want to work on a fix, though, since it's quite useful to have server-side. Dave.

Re: [Operators] Openfire 3.6.4 (jabber.iitsp.com) vs. jabber.org

2010-07-05 Thread Dave Cridland
On Mon Jul 5 11:37:27 2010, Dave Cridland wrote: On Mon Jul 5 10:59:43 2010, Nigel Kukard wrote: If it was C, I would be hacking the code and adding debugging to see where the connection is terminating ... etc. I'd be (secretly, of course) delighted if this were a reason to move f

Re: [Operators] Openfire 3.6.4 (jabber.iitsp.com) vs. jabber.org

2010-07-05 Thread Dave Cridland
eople and find out why. Thanks man. Nothing has changed on our side at all, same code, md5's exactly with a backup 1yr ago. Very odd it should break suddenly. I can't discuss Isode customers, however I can tell you that I upgraded my server to a more recent build of M-Link and haven

Re: [Operators] Openfire 3.6.4 (jabber.iitsp.com) vs. jabber.org

2010-07-05 Thread Dave Cridland
0:21:02 xmppd24937 (root) D-MBOX-Auth closed originating s2s connection to domain jabber.iitsp.com [63.246.140.215] (*connection closed*) The unknown protocol is quite interesting. I think it's responding with a TLS subversion M-Link doesn't support. I'll chase this u

[Operators] DNS local caching resolvers

2010-01-20 Thread Dave Cridland
means bandwidth cost for connection establishment is much lower. Of course, for most services it's not going to be a massive impact (and for big public deployments, you've probably already done this), but I thought I'd mention it while I remembered. Dave.

Re: [Operators] How-to fight with SPAM accounts

2009-11-21 Thread Dave Cridland
but short of managing to issue everyone with a certificate, I don't see how that can work. In my case, for example, since I use a subdomain of my brother's domain, it requires a logistically complicated trust chain in order to validate my domain with StartCom. In

Re: [Operators] DNSBLs

2009-11-15 Thread Dave Cridland
--- Original message --- From: Evgeniy Khramtsov Sent: 15/11/'09, 5:27 Norman Rasmussen wrote: XMPP validates the sending server via tls and/or dns (dial-back), so it removes many of the unauthenticated problems of SMTP. Sure, but the domain is untrusted even if validated. BTW, we don