-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/23/13 3:20 AM, Dave Cridland wrote:
> Google's was exasperated Exacerbated? But our Google friends were probably exasperated, too. > not by simply allowing federation, but by allowing largely > unauthenticated federation, making it by far the weakest point. Had > Google deployed TLS, and required X.509 authentication (even whilst > handing out a single certificate for all its thousands of domains), > then I think the bar would have been raised significantly - > possibly even enough to make the spammers use user accounts instead > (as they now will). Moreover, it would have helped the community as > a whole. As Jesse pointed out, it's not clear that this would have helped all that much. It might have helped to prevent some rogue servers (but we don't have any stats on how many such servers there are or were). It would not have helped to prevent spam from spammy users at otherwise legitimate servers (and as far as I know the bulk of the spammy invites came from users at legitimate servers). > Still, we're now free to put a lot of this into place - Google > Talk's low security stance was demonstrably reducing the security > stance of the entire network, and moreover, it was also an > attractive target for spammers, so we'll have a lot of the pressure > reduced. Right, so let's get to work. :-) Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRnjCgAAoJEOoGpJErxa2peL0P/jXAtlDqfGdITvpWaHDxeT6o B8qzHB2lriLG3ngN0qQjruyC0mM6lV/ixpWCljt+cR1wMUFrTylmtQbZlH4T1ucK HjmR+IC9CRpjIMLA9hx9/twvRX+4U4dLYRByUN82HC6Uv9vhwHpj8unckCmnegsM CsMlLnQeAEx9+v1s7egi8AjsLLgJwEte64OLMq5Bk0UL0p4DJVotU8IWG2pTMKr+ 6NmIiW3Vs+RrcXOZQkAd+n9AD5pFMsYYqtPa5r+w6WzsTKCOHwGJX+4gNQ87EysE PSCyODu7McKS7EX+S5rF1zEFxp3iYPtZMnH6Tia3YxPmIgk6MOa6geRpiFBsPo5T mxd/hpo33NG7JwHBCSISu1Yk0BG3gKe1fzKFc+FhlACfoD/JD5f4NbUvje75b+MJ /1CRBghbD/K6yXS0SPM1LP1Gg7puJnKHUQnlLlRBKo77l8czmZxQzfwe4ZDH7YwG Keq/5jOOWnsPK+B54lsXibG4fPMNGGID7PdmX7OpRWkZHUaDSIZX4TqMu4apPRtb cZ+/LfSM/0U1WVOSAHYU8d3YzCJlCwLChnOOMFLzR4827DHTf+FSvBbvsQFhRG3Q jYQ7tRvkl3qvPeLJ62GfFyWN4xY2I6ADnw9wKtdsNPFTKB7VoNoX63MwfHfaoM+a 6RjPzEstQL2hjIf2Pw8v =CXOU -----END PGP SIGNATURE-----
