On 2013-10-30 at 10:22 +0100, Thijs Alkemade wrote:
> In my opinion, “trusted” should not mean “can xmpp.net make a connection it
> trusts” but rather “can (most) end users make a connection without certificate
> warnings”. Currently, I’m not aware of any client supporting DANE. (This also
> covers my opinion on CAcert.)

Reasonable, thanks. "Trusted" might be a poor choice of words, given that without pinning, history shows that the CA system is already too vulnerable here, so relying purely upon the CA for _unattended_ operation s2s, where a human would not have an opportunity to review (unless diligently reviewing logs) may result in false self-assurances of integrity. But "the perfect is the enemy of the good" and this is definitely a huge step forwards, as is the manifesto; so as long as this state is not seen as the end goal but a worthwhile step, I'm all for it.

> Of course, this is only my own opinion. :) The test should be useful for the
> community, so if the consensus is that DANE’s trust anchor assertions should
> be allowed for showing up as trusted, then I’m willing to change that.

Probably best to just have rough consensus that once a couple of major clients and a couple of major servers have support, the relevant report mechanisms can be updated; s2s and c2s could switch independently. Once a couple have support, and the reporting mechanism shows that this is sufficient for many, it provides gentle pressure on everyone else that they're falling behind in not providing the certificate validity assurance that their users should be able to depend upon.

-Phil
