Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-30 Thread Jesse Thompson
On 10/29/2013 1:59 PM, Peter Saint-Andre wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/29/13 12:46 PM, Jesse Thompson wrote: On 10/29/2013 12:59 PM, Dave Cridland wrote: On Tue, Oct 29, 2013 at 5:46 PM, Peter Saint-Andre mailto:stpe...@stpeter.im>> wrote: -BEGIN PGP SIGNED

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Dave Cridland
On Tue, Oct 29, 2013 at 7:28 PM, Olle E. Johansson wrote: > On the topic of user-interfaces: > > - How does a server that fails to set up a s2s session indicate the > failure back to a client? > - Does the protocol support an error message saying "certificate failure" > or "TLS not available"? >

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Olle E. Johansson
On 29 Oct 2013, at 19:46, Jesse Thompson wrote: > > > On 10/29/2013 12:59 PM, Dave Cridland wrote: >> On Tue, Oct 29, 2013 at 5:46 PM, Peter Saint-Andre > > wrote: >> >>-BEGIN PGP SIGNED MESSAGE- >>Hash: SHA1 >> >>On 10/29/13 11:40 AM, Jesse Tho

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Peter Saint-Andre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/29/13 12:46 PM, Jesse Thompson wrote: > > > On 10/29/2013 12:59 PM, Dave Cridland wrote: >> On Tue, Oct 29, 2013 at 5:46 PM, Peter Saint-Andre >> mailto:stpe...@stpeter.im>> wrote: >> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Peter Saint-Andre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/29/13 12:25 PM, Dave Cridland wrote: > On Tue, Oct 29, 2013 at 6:17 PM, Jonas Wielicki > > wrote: > There is cipher suites with forward secrecy. For me on Fedora, > this means diffie-hellman, as elliptic cu

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Jesse Thompson
On 10/29/2013 12:59 PM, Dave Cridland wrote: On Tue, Oct 29, 2013 at 5:46 PM, Peter Saint-Andre mailto:stpe...@stpeter.im>> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/29/13 11:40 AM, Jesse Thompson wrote: > On 10/28/2013 2:52 PM, Peter Saint-Andre wrote:

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Jesse Thompson
On 10/29/2013 1:25 PM, Dave Cridland wrote: On Tue, Oct 29, 2013 at 6:17 PM, Jonas Wielicki In fact, most of my s2s is already TLS (although I don't require it). The only exceptions are google+talk and (weirdly) ddg.im (duckduckgo). I've already raised that issue t

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Jonas Wielicki
On 29.10.2013 19:25, Dave Cridland wrote: >> In fact, most of my s2s is already TLS (although I don't require it). >> The only exceptions are google+talk and (weirdly) ddg.im (duckduckgo). >> I've already raised that issue to their attention[1], no fix yet, as far >> as I know. >> >> > By TLS, is t

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Dave Cridland
On Tue, Oct 29, 2013 at 6:17 PM, Jonas Wielicki < xmpp-operat...@sotecware.net> wrote: > Will there be a reminder for the action days? Because I don't trust > myself to keep an electronic reminder actually functional until Jan 4th > (yeah I know). I'm only operating a small service though (<20 use

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Jonas Wielicki
Will there be a reminder for the action days? Because I don't trust myself to keep an electronic reminder actually functional until Jan 4th (yeah I know). I'm only operating a small service though (<20 users), so if I'm the only one with that problem, just don't mind. Hm, actually I only wanted to

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Dave Cridland
On Tue, Oct 29, 2013 at 5:46 PM, Peter Saint-Andre wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 10/29/13 11:40 AM, Jesse Thompson wrote: > > On 10/28/2013 2:52 PM, Peter Saint-Andre wrote: > >> On 10/28/13 1:41 PM, Jesse Thompson wrote: > >>> Are there more details? Specificall

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Peter Saint-Andre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/29/13 11:43 AM, Philipp Hancke wrote: > On 29.10.2013 18:40, Jesse Thompson wrote: >> On 10/28/2013 2:52 PM, Peter Saint-Andre wrote: >>> On 10/28/13 1:41 PM, Jesse Thompson wrote: Are there more details? Specifically, does "hop-by-hop >>

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Peter Saint-Andre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/29/13 11:40 AM, Jesse Thompson wrote: > On 10/28/2013 2:52 PM, Peter Saint-Andre wrote: >> On 10/28/13 1:41 PM, Jesse Thompson wrote: >>> Are there more details? Specifically, does "hop-by-hop >>> encryption using SSL/TLS" require strong associa

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Philipp Hancke
On 29.10.2013 18:40, Jesse Thompson wrote: On 10/28/2013 2:52 PM, Peter Saint-Andre wrote: On 10/28/13 1:41 PM, Jesse Thompson wrote: Are there more details? Specifically, does "hop-by-hop encryption using SSL/TLS" require strong association between a domain name and an XML stream as describ

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-29 Thread Jesse Thompson
On 10/28/2013 2:52 PM, Peter Saint-Andre wrote: On 10/28/13 1:41 PM, Jesse Thompson wrote: Are there more details? Specifically, does "hop-by-hop encryption using SSL/TLS" require strong association between a domain name and an XML stream as described in draft-ietf-xmpp-dna-04? We, as a commu

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-28 Thread Peter Saint-Andre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/28/13 1:41 PM, Jesse Thompson wrote: > Are there more details? Specifically, does "hop-by-hop encryption > using SSL/TLS" require strong association between a domain name and > an XML stream as described in draft-ietf-xmpp-dna-04? We, as a comm

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-28 Thread Jesse Thompson
Are there more details? Specifically, does "hop-by-hop encryption using SSL/TLS" require strong association between a domain name and an XML stream as described in draft-ietf-xmpp-dna-04? If so, does that put the On 10/27/2013 10:24 PM, Peter Saint-Andre wrote: -BEGIN PGP SIGNED MESSAGE-

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-28 Thread Kevin Smith
On Mon, Oct 28, 2013 at 8:37 AM, kdex wrote: > In response to your email subject: Does this include abandoning the > 'legacy SSL' encryption option and finally switching over to TLS only? I'm > not sure why we still have a choice there; isn't legacy SSL more unsecure? > "Legacy SSL" is just cli

Re: [Operators] Fwd: [jdev] TLS Everywhere

2013-10-28 Thread kdex
In response to your email subject: Does this include abandoning the 'legacy SSL' encryption option and finally switching over to TLS only? I'm not sure why we still have a choice there; isn't legacy SSL more unsecure? On 10/28/2013 04:24 AM, Peter Saint-Andre wrote: -BEGIN PGP SIGNED MES

[Operators] Fwd: [jdev] TLS Everywhere

2013-10-27 Thread Peter Saint-Andre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FYI - Original Message Subject: [jdev] TLS Everywhere Date: Sun, 27 Oct 2013 21:23:08 -0600 From: Peter Saint-Andre Reply-To: Jabber/XMPP software development list To: j...@jabber.org Almost 15 years have passed since my friend J