-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/30/13 11:08 AM, Kevin Smith wrote: > On Wed, Oct 30, 2013 at 4:55 PM, Peter Saint-Andre > <[email protected] <mailto:[email protected]>> wrote: > >>> Do we need, to be consistent, to disable the protocol but >>> indicate to the user he will need to perform an extra action >>> to be able to connect, or do we need to make the connection >>> impossible in any case? > > IMHO it's usually not a great idea to give the user insecure > options. :) > > > At the risk of derailing discussions or adding noise, it's worth > noting that not everyone's opinion of what is insecure is the same > and varies by context. I have worked with some XMPP systems where > the connection method doesn't involve TLS that I would consider > pretty secure. > > Service providers on the Internet will probably be fine with > committing to all this stuff, but we should (IMNSHO) continue to > stop short of suggesting to devs what their software needs to do by > default (I think it's sensible to suggest things that need to be > supported).
Yes, that's what the manifesto tries to do w.r.t. software implementations. If it's stepped over the line, let's figure what's right. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJScUBGAAoJEOoGpJErxa2ped8P/2yh4037kJKYPLQ+/vaoorEM JY+J9tbTq/nhbeWBYR9M3MOFXYXFx0pwlDFOUwc/UDlZJzSPUXrpSqwT65FjgF4M HV5FeajrvSSBBUZolcPvc9697f0irnWdSPIDr/WHTG+SSKfyMDxomVW3HwC3b2kp CAhyCGPohx7DSvlTYawomxL9CDaRXL5rwgeb2CuKZXW2etnvEewP40j4GKkxQFLV 6/nJcOibf3O10GaEPaNeunCC/HVAayHSr1dI+TpCiBU/Kwi4kTxpaVCJ/lRig8mc 9Nyum2SZARVc1RuZOHPLiOqKLiCxE5OYVoJXDUXHNjIVzeL+QZHNyQdebA3ZtdEP SX7y85FDxo7Bq7H6MZON7ccixXi0gccF/6ItIufrnGk+3yRUZDfJVNNSY4IIBwag bak+9GATkEOEuZZbofRHDGDAGq2BjFGAjAstBATxhbgwafwBDToVGhhyhgomYczV CELt1bo/svQXVghx5AZR71swfSpKwz49BmdW2bTMxMJ8OgsrCab6krA92bA8CTVs TtvRlGGk0q9LhM7v/1UbmYmwgYGklvd0LtH7ZjWdiZh/k5/hmo8DxCG3+ORkhTxI AHDEH/KyiI2EU0B+yC/yUqzenKKXMk9ap+gqGRiizOdtb1qa1ciwp4YIfk1vMnyS 4k8+azUknraKM1LkW8sS =RCF2 -----END PGP SIGNATURE----- _______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
