On 3/21/13 6:59 AM, Jesse Thompson wrote:
> On 3/21/2013 1:44 AM, Philipp Hancke wrote:
>> Well, TLS usage is a mess. Welcome to nobody cares.
>
> It's not [only] that they don't care. It's just plain impractical,
> to the point of infeasibility, for an XMPP operator to maintain
> valid matching certificates for many hosted domains.

Yes yes yes! That's why Matt Miller and I have been working on a suite of specs about "domain name associations"...

https://datatracker.ietf.org/doc/draft-saintandre-xmpp-dna/

https://datatracker.ietf.org/doc/draft-miller-xmpp-dnssec-prooftype/
- likely will be merged with https://datatracker.ietf.org/doc/draft-ietf-dane-srv/

https://datatracker.ietf.org/doc/draft-miller-xmpp-posh-prooftype/

Jesse (and other operators), your feedback on those specs would be *very* much appreciated.

Peter

--
Peter Saint-Andre
https://stpeter.im/
