On 21-Nov-13 21:20, Solomon Peachy wrote:
I have mixed feelings about this, because I'm the only user on my server, and only two folks on my roster aren't google-hosted. Frankly, without Google federation I might as well not bother.
I second this. Many of my users have contacts within Google and I do not wish to break connection between them. I have surveyed a few users with Google contacts on their roster and they all responded that they would not be happy. All but one indicated that either security was not an issue for them or they were using OTR and one even said he would move to a Google account when I told him about the unsecure channel between my server and Google..... I also talked to two users who I know are keen on security and they indicated they already knew that communication with Google could not be trusted and they were using OTR for all their communications in any case.
While I am very much in favor of secure communications between all the involved parties I think I will not participate in the January 4 event. My opinion is that client-to-client security is the way to go. After all no matter how tight the security, within our servers between c2s and s2s communication is insecure by design and messages can still be intercepted in plaintext by a malicious operator. I know I've been stepping over the authentication part of security but I'm trying to look at it from the user's view. They want connectivity most of all and security is either second or done by the user using OTR or similar techniques. I think cutting Google off would harm the XMPP community more than it would harm Google. Therefore I'm also in favor of communicating with Google to attempt to work things out.
My 5 cents. Regards, Eric.
