On 1 September 2014 12:19, Evgeny Khramtsov wrote:

> Mon, 1 Sep 2014 11:52:22 +0100
> Dave Cridland wrote:
>
> > On 31 August 2014 22:28, Evgeny Khramtsov wrote:
> >
> > > Sun, 31 Aug 2014 22:35:07 +0200
> > > Jonas Wielicki wrote:
> > >
> > > > I left the c2s-encryption-required switch in place (there would
> > > > have been out-of-band measures to reach me if that had been a
> > > > problem)
> > >
> > > A year ago I did an experiment on a medium size server (150,000
> > > users online in peak). I modified ejabberd so it added starttls
> > > <required/> tag without actually requiring it, i.e. ignoring this
> > > tag by a client was OK. The results were bad: about 20% of clients
> > > were ignoring it. Mostly some versions of QIP (which is the most
> > > popular XMPP client in Russia).
> >
> > That's interesting - that's people simply ignoring <starttls/>
> > entirely, I'd assume.
> >
> > Do you have the actual figures to hand? That'd be interesting data to
> > include. It's interesting for two reasons, actually - firstly, it's
> > interesting to show that some 20% of clients in some areas don't
> > support TLS at all, and secondly it's interesting to show that people
> > in the community do this kind of research.
> >
> > Incidentally, I'm gathering the names of people who're helping me,
> > here, and will, of course, have a "credits" slide for those helping
> > write the presentation.
> >
> > The presentation will be online, eventually, but I hate putting
> > slides etc up before I've done the talk.
> >
> > Dave.
>
> No, sorry, I have sorta NDA for that installation.
> But I can repeat the experiment on jabber.ru, if I find time for
> that :) The userbase is much smaller though, only 15k online.

I'm happy to quote the "about 20%" figure and leave it at that.

> BTW, you can also mention that there is no DNSSEC support by .ru
> registrars, so DANE cannot be used here. I understand that no-one
> cares what happens in Russia, but this makes adoption of "DANE-based"
> federation difficult. Furthermore, as ejabberd developer I'm not
> motivated to add DANE support to ejabberd. Simply because I cannot use
> it myself.

I'm already discussing the .im DNSSEC issue, so .ru seems also sensible
to mention.

Anyone know if .de supports DNSSEC? That's another popular domain for
XMPP services.

Dave.
