-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 8/28/13 10:14 AM, Simon Tennant wrote: > I'm attempting to gather the details in one place on how to secure > XMPP servers C2S and S2S traffic: > > http://wiki.xmpp.org/web/Securing_XMPP
Thanks. As you've seen from the news over the last 24 hours, things are even worse than we thought. Among other things, forcing the use of SSL/TLS is not enough. We need to be careful about what ciphersuites we allow. Some of the older, weaker ciphersuites need to be disabled (e.g., RC4 / MD5). We need to start preferring ciphersuites that enable perfect forward secrecy (PFS). And even if we have ubiquitous per-hop encryption, OTR is looking more important. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSKgVpAAoJEOoGpJErxa2pi/gP/iIi0Dp5+AbfXLc8vxWZuGQZ Y8nxaC5ni0pWpjSoUrQLGeht8tUXuCKmFhziSivnHRjOn1wVakkMQUKT/hfcj5M3 46P1ffQ76Zpg6Tnsx6nnw3C16wEgC9XAU1kaQB8RFSUIkyQstx3V7HMwmcWJVRLC pIlvV6Ko4hIXc8TQkVxHrvlR8y1Qs8VsbMrBjEUIzZyaxSn0heIfUluoQZr5zuWY Q20DY5wgilRZCd2ptRRhBqEkeP9KNC7kj9sFTqAWMYeAWA9/QGadTMKEVHCULlZW a398RiXn2+ipegCsysuoFg1En8zv8ToiY8F2Odg7hmUok+0e52idusLzp82aHNM/ Nifw2R2Pi/kTqJdnEY5QZeQMgAropq3AAiv84uR8aZcU7wJ6rQTQeK7dhwl+v8V1 agHZ0w0T/UhZT4RlqRD7FzMm1qPMy3B/+77y9cXdtzD39Wfkt67eTAQhnei5h3tU j+gNj3YASXiSjc18+rwZZOZ4f6OUrYF463Z59NVCNi7TOdd5Y7RmhRXtQlFC+SC/ nviMC80EUQp5nnNSFkNDi8/jBkcKEgVTg5MGRHUI46Yt8ocWr5RqPvLv+4Ebamn3 3E5pB8miahnsaVIoEl82eNw9ndeiq7O9MEY56clgE8NVEjBkfIOIDkgkQImjTSOQ n0Flq/iK3lqUUf28ra14 =5eiA -----END PGP SIGNATURE----- _______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org _______________________________________________
