You're correct but I don't see how any organisation can justify using plain text communications for their client facing infrastructure in 2013.
The simple fact is TLS/SSL should be in use anywhere a business carries a clients data. David http://zerp.ly/dbanes xmpp: [email protected] Mobile: +44 (0)782 5138 214 On 11/01/2013, at 12:52 PM, Marco Cirillo <[email protected]> wrote: > Just read a bit of the discussion, and at the very least I'm not sure > "surprising" is the correct adjective in terms of GTalk not supporting > encryption on s2s streams, it's known from years. > > It could be "inconvenient" at the very least. > > And Philippe: > > Section 5.2 - RFC 6120 > > << Support for STARTTLS is REQUIRED in XMPP client and server > implementations. An administrator of a given deployment MAY specify that TLS > is mandatory-to-negotiate for client-to-server communication, > server-to-server communication, or both. An initiating entity SHOULD use TLS > to secure its stream with the receiving entity before proceeding with SASL > authentication. >> > > > > >
