There is an IM Observatory (https://xmpp.net) site which users actually
use before deciding which service to join, and some clients, Gajim for
sure, actually shows a padlock icon on near the account on server, which
uses encryption. However if there is a self-signed certificate, like one
on exploit.im, Gajim still shows locked padlock implying there is still
some kind of security.
The idea to clients' developers: introduce these padlocks icons and if
there is an insecure connection or self-signed certificate, there should
be warning icon, like red unlocked padlock, as it is implemented in all
major web browsers.
A
On 10/05/2015 04:04 AM, Mike Barnes wrote:
What we need to be doing is putting information about the quality of
encryption used in a conversation in front of the users, and letting
them make informed decisions, instead of fracturing the network
invisibly.
Is there any defined mechanism to do this? Users are accustomed to the
little padlock icons on web URLs, can XMPP client software easily
implement something like this or will it need server extensions to
report back? As a temporary measure, could the server send a direct
message to a user alerting them if the encryption on a connection they
initiate falls below a desired threshold?
Inform the users, don't cut them off from their contacts and leave
them no path to even tell them why.
On 4 October 2015 at 22:53, Vincent Lauton <[email protected]> wrote:
At least gmail,can't say I've blocked the others but I already can't
communicate without forward secrecy.
13:52, 4 October 2015, Vincent Lauton <[email protected]>:
Actually I do...
10:31, 4 October 2015, Evgeny Khramtsov <[email protected]>:
Sat, 03 Oct 2015 13:40:17 +0200
Vincent Lauton <[email protected]> wrote:
Also I meant I'll block servers that don't support any forward
secrecy suites
Great idea, LOL. Do you have gmail.com and all its hosted domains
blocked already? They don't have any "secrecy" at all.
--
Sent from Yandex.Mail for mobile
--
Sent from Yandex.Mail for mobile
