Will there be a reminder for the action days? Because I don't trust myself to keep an electronic reminder actually functional until Jan 4th (yeah I know). I'm only operating a small service though (<20 users), so if I'm the only one with that problem, just don't mind.
Hm, actually I only wanted to ask for the reminder, but now I see more questions arising, so I'll just continue. In fact, most of my s2s is already TLS (although I don't require it). The only exceptions are google+talk and (weirdly) ddg.im (duckduckgo). I've already raised that issue to their attention[1], no fix yet, as far as I know. I already have DNSSEC deployed, so I think the only pending move is implementing DANE from my side. Then waiting for prosody et al. to gain DANE-ability. I “only” have a CACert certificate though, but for moral reasons I decline to move to StartSSL or others. Does CACert qualify for the “well-known and widely-deployed” CAs? (And shouldn't that rather be: “well-trusted and widely-deployed”?) There is cipher suites with forward secrecy. For me on Fedora, this means diffie-hellman, as elliptic curves are still problematic[2] (and I'm not yet sure whether they're to trust, but I guess, noone is). I wonder whether this is considered okay? For c2s I do require encryption already. Are there any requirements for signing, like, minimal user count, influence on development of XMPPish software or whatsoever? And by “requirements” I mean, does it make sense to officially sign if you are, like, a 20 user hobby server operator? ;) regards, Jonas ps.: Thanks for making XMPP happen [1]: https://duck.co/topic/xmpp-server-to-server-connection-with-ddg-gg-is-unencrypted [2]: https://bugzilla.redhat.com/show_bug.cgi?id=319901#c121
