On 10/30/2013 05:55 PM, Peter Saint-Andre wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/30/13 8:36 AM, Yann Leboulanger wrote:
On 10/30/2013 01:21 AM, Mathieu Pasquet wrote:
On Tue, Oct 29, 2013 at 05:09:32PM -0600, Peter Saint-Andre
wrote:
I just updated the encryption manifesto to incorporate feedback
and clarify a few points:
https://github.com/stpeter/manifesto/blob/master/manifesto.txt
Your feedback (and signatures!) matter.
Peter
- -- Peter Saint-Andre https://stpeter.im/
Hi,
Hi Yann!
BTW thanks for Gajim -- I've been using it on my new Linux laptop and
I might send you some patches before long. ;-)
Wow great, we'd be proud to have patches from you ;)
I'd also would like some clarification about removing plain
connection. In some situation (you have a local server for ex) the
server can allow only non-secure connections to prevent memory
consumption. So should we really disable plain connection or just
disable it by default, and require some user advanced configuration
to enable it?
As the text is written right now (0.4), requiring channel encryption
is something that service operators who sign the manifesto commit to.
Software developers commit only to supporting channel encryption and
preferring the latest TLS version, cipher suites with forward secrecy,
etc. I do think disabling unencrypted streams is a smart default. I
don't particularly want to tell client developers how to (or whether
to) allow a cleartext connection (e.g., an advanced user setting).
Ok nice. Then you can count my signature as Gajim's dev. We'll do our
best to improve things, and count on those tests to help finding what's
to be improved.
--
Yann
_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: [email protected]
_______________________________________________
