Dirk Meyer wrote: > Peter Saint-Andre wrote: >> Dirk Meyer wrote: >>> But IMHO TLS should be mandatory >> Maybe someday, but not soon. We tried that for one week at jabber.org >> but only for c2s, not s2s. > > Wait a second. s2s does not use TLS in most cases?
Not yet. I think we need to push toward that in a more aggressive fashion. > I understand that TLS > and certificate checking may be difficult for a client, but for a > server? So if I use TLS and my friend uses TLS we may still may have a > weak link between the two servers? I thought s2s TLS is standard > today. Do you have any statistics about how many servers xmpp.org talks > to have TLS? I could pull some of that data for the jabber.org service. >> I'd love to get to the point where we require TLS across all the hops, >> but I don't think it will happen very soon. > > c2c security NOW! :) That's why we're all here. :) Peter
