On 10/29/13 11:40 AM, Jesse Thompson wrote:
> On 10/28/2013 2:52 PM, Peter Saint-Andre wrote:
>> On 10/28/13 1:41 PM, Jesse Thompson wrote:
>>> Are there more details? Specifically, does "hop-by-hop
>>> encryption using SSL/TLS" require strong association between a
>>> domain name and an XML stream as described in
>>> draft-ietf-xmpp-dna-04?
>>
>> We, as a community, need to figure out what we can do.
>>
>> Realistically, I think we need to prefer authenticated encryption
>> via PKI, POSH, or DNSSEC/DANE and fall back to opportunistic
>> encryption via TLS + dialback.
>
> So, the presumption is that servers which aren't capable of at
> least TLS+dialback will be cut off?

Yes.

Now, this is a proposal, not an ultimatum. We, as a community, need to
come to a decision about whether this is a reasonable course of action.
However, I do think we owe it to the users of our services to provide a
higher level of security.

Peter

--
Peter Saint-Andre
https://stpeter.im/
