Peter Saint-Andre wrote: > Dirk Meyer wrote: >> But IMHO TLS should be mandatory > > Maybe someday, but not soon. We tried that for one week at jabber.org > but only for c2s, not s2s.
Wait a second. s2s does not use TLS in most cases? I understand that TLS and certificate checking may be difficult for a client, but for a server? So if I use TLS and my friend uses TLS we may still may have a weak link between the two servers? I thought s2s TLS is standard today. Do you have any statistics about how many servers xmpp.org talks to have TLS? > I'd love to get to the point where we require TLS across all the hops, > but I don't think it will happen very soon. c2c security NOW! :) Dirk -- May brute force be with you.
