Re: [Operators] Gmail federation

Am 11.01.2013 14:14, schrieb Dave Cridland: [...] In Google's case, they have stated very clearly, and very often, that mh... any pointers? ISTR something related to gmail and pop3s... TLS authentication is essentially somewhere between very difficult and impossible for them to deploy, and (q

Re: [Operators] Gmail federation

Il 11/01/2013 17:40, Kevin Smith ha scritto: On Fri, Jan 11, 2013 at 3:45 PM, Marco Cirillo wrote: I'd like to also point out, expecially how STARTTLS is handled xmpp wise, that you can't know what gets implemented and what doesn't explicitly as long as you don't have the software, it's code or

Re: [Operators] Gmail federation

On Fri, Jan 11, 2013 at 3:45 PM, Marco Cirillo wrote: > I'd like to also point out, expecially how STARTTLS is handled xmpp wise, > that you can't know what gets implemented and what doesn't explicitly as > long as you don't have the software, it's code or the implemented thing > reaches "the wire

Re: [Operators] Gmail federation

Il 11/01/2013 14:14, Dave Cridland ha scritto: On Fri, Jan 11, 2013 at 1:05 PM, Marco Cirillo wrote: I just pointed out that it's like this from 2006 which is when it was implemented, perhaps it can't be "suprising" also stated it's rather an inconveniency and that it's not compliant with the c

Re: [Operators] Gmail federation

On Fri, Jan 11, 2013 at 1:05 PM, Marco Cirillo wrote: > I just pointed out that it's like this from 2006 which is when it was > implemented, perhaps it can't be "suprising" also stated it's rather an > inconveniency and that it's not compliant with the current RFC which > requires TLS support on s

Re: [Operators] Gmail federation

Il 11/01/2013 13:56, David Banes ha scritto: You're correct but I don't see how any organisation can justify using plain text communications for their client facing infrastructure in 2013. The simple fact is TLS/SSL should be in use anywhere a business carries a clients data. David http://ze

Re: [Operators] Gmail federation

You're correct but I don't see how any organisation can justify using plain text communications for their client facing infrastructure in 2013. The simple fact is TLS/SSL should be in use anywhere a business carries a clients data. David http://zerp.ly/dbanes xmpp: da...@jabber.org Mobile: +4

Re: [Operators] Gmail federation

Just read a bit of the discussion, and at the very least I'm not sure "surprising" is the correct adjective in terms of GTalk not supporting encryption on s2s streams, it's known from years. It could be "inconvenient" at the very least. And Philippe: Section 5.2 - RFC 6120 << Support for STA

Re: [Operators] Gmail federation

On Fri, 11 Jan 2013, Mathias Ertl wrote: I consider this a bug on your side, TLS is a required feature for s2s-connections. Please fix the issue, as you are currently blocking It is required to implement, not to deploy.

Re: [Operators] Gmail federation

On 2013-01-11 13:13, Björn Kempén wrote: > We do not currently support TLS on our s2s connections, so that's currently > not expected to work. Why not? Will this issue be fixed soon? Its not like Google hasn't been pushing for SSL-only its major services including Gmail. This was a big step forwa

Re: [Operators] Gmail federation

> From: operators-boun...@xmpp.org [mailto:operators-boun...@xmpp.org] On Behalf Of Björn Kempén > Sent: vineri, 11 ianuarie 2013 13:14 > To: Mathias Ertl > Cc: XMPP Operators Group > Subject: Re: [Operators] Gmail federation > > We do not currently support TLS on our s2s c

Re: [Operators] Gmail federation

We do not currently support TLS on our s2s connections, so that's currently not expected to work. On Fri, Jan 11, 2013 at 1:07 PM, Mathias Ertl wrote: > On 2013-01-11 10:25, Björn Kempén wrote: > > Juan Pablo Carlino: > > I suspect that our servers notice that your server is unreachable, and

Re: [Operators] Gmail federation

On 2013-01-11 10:25, Björn Kempén wrote: > Juan Pablo Carlino: > I suspect that our servers notice that your server is unreachable, and > cache this to not attempt to set up a new connection for each outgoing > message addressed to your domain. > It seems strange that this cache would disallow conn

Re: [Operators] Gmail federation

Juan Pablo Carlino: I suspect that our servers notice that your server is unreachable, and cache this to not attempt to set up a new connection for each outgoing message addressed to your domain. It seems strange that this cache would disallow connections for two days though, so I'll look into it.

Re: [Operators] Gmail federation

Hi Björn, On 2012-02-27 11:24, Björn Kempén wrote: > I will update this email thread when I have any updates. Sorry for my impatience, but are there any updates? :-) greetings, Mati > On Mon, Feb 27, 2012 at 11:20 AM, Peter Viskup wrote: >> On 02/27/2012 11:04 AM, Björn Kempén wrote: >>> >>> T

Re: [Operators] Gmail federation

Hello Björn, and why for gods sake? :) now that even google search is encrypted by default... best regards, Thomas On 04/13/2012 09:06 AM, Björn Kempén wrote: Sorry that I missed this email. I can confirm that s2s to gmail does not allow tls. - Björn On Thu, Mar 8, 2012 at 2:57 PM, zhong

Re: [Operators] Gmail federation

Sorry that I missed this email. I can confirm that s2s to gmail does not allow tls. - Björn On Thu, Mar 8, 2012 at 2:57 PM, zhong ming wu wrote: > Hello > > While you are here, could you please confirm or deny that s2s to gmail > domain does not allow tls.  Last time I investigated this topic t

Re: [Operators] Gmail federation

Hello While you are here, could you please confirm or deny that s2s to gmail domain does not allow tls. Last time I investigated this topic the answer was no tls Sincerely Mr Wu On Mar 7, 2012 8:58 AM, "Björn Kempén" wrote: > I'm posting an update to this email thread since I was asked to kee

Re: [Operators] Gmail federation

I'm posting an update to this email thread since I was asked to keep other XMPP operators posted with any updates on the investigations. I've been in contact with several owners of federated networks, and performed debugging sessions which hasn't really lead to anything conclusive. None of the cas

Re: [Operators] Gmail federation

Hi, are you still interested in helping out debugging this server-to-server federation issue? If so, please contact me by email and we'll set something up. - Björn, Google On Mon, Feb 27, 2012 at 11:16 AM, Thomas Camaran wrote: > Hi, > if it's necessary i can give you my server chatme.im for te

Re: [Operators] Gmail federation

On Mon Feb 27 10:04:17 2012, Björn Kempén wrote: Thanks, I was not aware of this issue, and I'll file an internal bug for it :) Also, I've sent out private emails in response to some of the people offering to help out with the server-to-server debugging. Thanks a lot for offering to help us o

Re: [Operators] Gmail federation

2012/2/27 Björn Kempén : > Currently, our server fails a lot of attempted dialback for "real" > reasons, such as domains lacking SRV records, which can make it very > hard to detect regressions in the dialback code. > I'm hoping to have the issues reported here resolved as soon as possible. I oper

Re: [Operators] Gmail federation

2012/2/27 Björn Kempén : > I will update this email thread when I have any updates. Naturally I'd like to help with any investigation into S2S issues between Google Talk/jabber.org, as we see them often and it's not clear to me what's causing them. /K

Re: [Operators] Gmail federation

I will update this email thread when I have any updates. - Björn On Mon, Feb 27, 2012 at 11:20 AM, Peter Viskup wrote: > On 02/27/2012 11:04 AM, Björn Kempén wrote: >> >> Thanks, I was not aware of this issue, and I'll file an internal bug for >> it :) >> >> >> Also, I've sent out private emails

Re: [Operators] Gmail federation

On 02/27/2012 11:04 AM, Björn Kempén wrote: Thanks, I was not aware of this issue, and I'll file an internal bug for it :) Also, I've sent out private emails in response to some of the people offering to help out with the server-to-server debugging. Thanks a lot for offering to help us out with

Re: [Operators] Gmail federation

Hi, if it's necessary i can give you my server chatme.im for test 2012/2/27 Björn Kempén : > Thanks, I was not aware of this issue, and I'll file an internal bug for it :) > > > Also, I've sent out private emails in response to some of the people > offering to help out with the server-to-server de

Re: [Operators] Gmail federation

Thanks, I was not aware of this issue, and I'll file an internal bug for it :) Also, I've sent out private emails in response to some of the people offering to help out with the server-to-server debugging. Thanks a lot for offering to help us out with debugging this issue. Currently, our server

Re: [Operators] Gmail federation

Hello, Björn. > I am one of the guys at Google responsible for our Google Talk XMPP > Federation implementation. We'd like to debug this issue a bit more > in-depth to figure out what's going on. It's very good! We waited for you. Really I have another problem, but with similar symptoms. The prob

Re: [Operators] Gmail federation

Hi Björn, On 2012-02-24 16:15, Björn Kempén wrote: > I am one of the guys at Google responsible for our Google Talk XMPP > Federation implementation. > We'd like to debug this issue a bit more in-depth to figure out what's going > on. > > It would be very helpful for us to have a conversation (o

Re: [Operators] Gmail federation

Hello I am one of the guys at Google responsible for our Google Talk XMPP Federation implementation. We'd like to debug this issue a bit more in-depth to figure out what's going on. It would be very helpful for us to have a conversation (over chat or phone) with someone having these connection is

Re: [Operators] Gmail federation

On Thu, 2012-02-23 at 16:20 +0100, Mathias Ertl wrote: > 2. > jabber.at has > "{s2s_use_starttls, required}." > while jabber.fsinf.at has > "{s2s_use_starttls, true}." Does that mean that it doesn't allow unencrypted connections? Because I've never seen a connection to/from any go

Re: [Operators] Gmail federation

On 23.02.2012 19:03, Mathias Ertl wrote: On 2012-02-23 17:39, Peter Saint-Andre wrote: We experience similar issues at jabber.org -- although for us, we often have a one-way connection, or we can't see presence but messages go through fine. I've contacted the Google Talk team about this but have

Re: [Operators] Gmail federation

On 2012-02-23 17:39, Peter Saint-Andre wrote: > We experience similar issues at jabber.org -- although for us, we > often have a one-way connection, or we can't see presence but messages > go through fine. I've contacted the Google Talk team about this but > have not yet received a reply. I can co

Re: [Operators] Gmail federation

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2/23/12 7:50 AM, Juan Pablo Carlino wrote: > Hello, > > during the last three months i've experienced an intermittent > problem to federate with google.com . Actually > this is a common problem if you browse the web in search for

Re: [Operators] Gmail federation

On Thu, Feb 23, 2012 at 3:50 PM, Juan Pablo Carlino wrote: > Hello, > > during the last three months i've experienced an intermittent problem to > federate with google.com. Actually this is a common problem if you browse > the web in search for this issue -there are several old threads reporting >

Re: [Operators] Gmail federation

Hi, thanks for your reply. In my configuration all vhosts use the same configuration: {s2s_use_starttls, true}. and 'outgoing_s2s_options' is unset, so it uses the default value (ip4 else ip6). It would be interesting to know if this happens also with other XMPP servers. Thanks, Juan Pablo O

Re: [Operators] Gmail federation

Hi, On 2012-02-23 15:50, Juan Pablo Carlino wrote: > during the last three months i've experienced an intermittent problem to > federate with google.com. Actually this is a common problem if you browse > the web in search for this issue -there are several old threads reporting > the same, until so

[Operators] Gmail federation

Hello, during the last three months i've experienced an intermittent problem to federate with google.com. Actually this is a common problem if you browse the web in search for this issue -there are several old threads reporting the same, until some magic happens on Google side and everything goes