On 10/29/2013 1:25 PM, Dave Cridland wrote:
On Tue, Oct 29, 2013 at 6:17 PM, Jonas Wielicki
In fact, most of my s2s is already TLS (although I don't require it).
The only exceptions are google+talk and (weirdly) ddg.im <http://ddg.im>
(duckduckgo).
I've already raised that issue to their attention[1], no fix yet, as far
as I know.
By TLS, is that including proper authentication?
Is dialback "proper authentication"?
I doubt that POSH or DNSSEC/DANE are very widely available, and relying
on PKI is plagued with name mismatches for hosting providers as well as
lack of CA root certs in trust chains.
Jesse