On 11/25/09 11:18 AM, Jesse Thompson wrote: > Philipp Hancke wrote: >> Peter Saint-Andre wrote: >>> As I always say, we don't need to be perfect, just more difficult to >>> attack than other networks. Part of raising the cost (mostly the cost in >>> time) would involve requiring TLS with CA-issued certificates for s2s >>> (perhaps we can get there eventually!). But as you say there is no magic >> >> If getting there was possible, why is that solution not applied to SMTP? >> >> Besides, the TLS situation on s2s is a huge mess... and will continue to >> be so while you accept "bogus certificates" (as defined below) at >> jabber.org. >> The problem is mostly limited to what is called "starttls+dialback". >> Since that had never been officially specified, it seems that developers >> ignored possible interactions. >> >> Definition of a bogus certificate: >> * subject does contain the hostname (especially: CN=ejabberd) >> * subject is valid but certificate is expired - even expired since >> January 2009. >> * certificate is revoked (that even worked with 0178 style auth when >> I tested it) >> * ... >> Note that I did not include self-signed certificates or certificates >> issued by a CA which is not well-known. Those are probably better >> handled in a ssh-like approach. >> >> Just another piece of "not really relevant" criticism. >> >> philipp > > The TLS situation will not be improved until there is a way for a domain > owner to delegate (via SRV records perhaps) which server provides their > XMPP service. We host over 250 email domains, and one of the reasons > why we don't enable them all for XMPP is because we can't practically > manage that many certificates. The idea that Google Talk will be able > to practically, or ethically, manage thousands of valid matching signed > certificates is preposterous.
That's why we're working on Domain Name Assertions: http://tools.ietf.org/html/draft-hildebrand-dna-00 Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
