Re: [Standards] Fwd: [Uta] STARTTLS vulnerabilities

2021-08-13 Thread Peter Saint-Andre
On 8/13/21 7:47 AM, Dave Cridland wrote: > > > On Wed, 11 Aug 2021 at 22:49, Peter Saint-Andre > wrote: > > On 8/11/21 3:35 PM, Kim Alvefur wrote: > > On Wed, Aug 11, 2021 at 02:25:56PM -0600, Peter Saint-Andre wrote: > >> Too bad we didn't stick to our

Re: [Standards] Fwd: [Uta] STARTTLS vulnerabilities

2021-08-13 Thread Dave Cridland
On Wed, 11 Aug 2021 at 22:49, Peter Saint-Andre wrote: > On 8/11/21 3:35 PM, Kim Alvefur wrote: > > On Wed, Aug 11, 2021 at 02:25:56PM -0600, Peter Saint-Andre wrote: > >> Too bad we didn't stick to our guns in 2003 and insist on two ports > >> instead of one, but STARTTLS was the recommended

Re: [Standards] Fwd: [Uta] STARTTLS vulnerabilities

2021-08-12 Thread Ruslan N. Marchenko
On Wednesday, 11.08.2021 at 14:25 -0600, Peter Saint-Andre wrote: > Too bad we didn't stick to our guns in 2003 and insist on two ports > instead of one, but STARTTLS was the recommended approach back > then... > I am still not convinced that STARTTLS is the ultimate evil. SMTP had way too many

Re: [Standards] Fwd: [Uta] STARTTLS vulnerabilities

2021-08-12 Thread Sam Whited
We've had this discussion before but for context in this thread: I ignore that as it doesn't make any sense (and follow the second thing and just decide myself how I want to connect). I know at least one or two others do too, but I don't know which strategy is more widespread. —Sam On Thu, Aug

Re: [Standards] Fwd: [Uta] STARTTLS vulnerabilities

2021-08-12 Thread Holger Weiß
* Sam Whited [2021-08-11 17:21]: > In my experience it's widely supported these days. At least for c2s, yes. > I also don't know if clients prioritize these records over starttls. XEP-0368 says: | Both 'xmpp-' and 'xmpps-' records SHOULD be treated as the same record | with regard to

Re: [Standards] Fwd: [Uta] STARTTLS vulnerabilities

2021-08-12 Thread Martin
Quoting Kim Alvefur: We were always at war with STARTTLS? The world is at war with both ports < 443 and ports > 443.

Re: [Standards] Fwd: [Uta] STARTTLS vulnerabilities

2021-08-11 Thread Philipp Hancke
On 11.08.21 at 23:49, Peter Saint-Andre wrote: On 8/11/21 3:35 PM, Kim Alvefur wrote: On Wed, Aug 11, 2021 at 02:25:56PM -0600, Peter Saint-Andre wrote: Too bad we didn't stick to our guns in 2003 and insist on two ports instead of one, but STARTTLS was the recommended approach back then...

Re: [Standards] Fwd: [Uta] STARTTLS vulnerabilities

2021-08-11 Thread Peter Saint-Andre
On 8/11/21 3:35 PM, Kim Alvefur wrote: > On Wed, Aug 11, 2021 at 02:25:56PM -0600, Peter Saint-Andre wrote: >> Too bad we didn't stick to our guns in 2003 and insist on two ports >> instead of one, but STARTTLS was the recommended approach back then... > > We were always at war with STARTTLS? We

Re: [Standards] Fwd: [Uta] STARTTLS vulnerabilities

2021-08-11 Thread Kim Alvefur
On Wed, Aug 11, 2021 at 02:25:56PM -0600, Peter Saint-Andre wrote: Too bad we didn't stick to our guns in 2003 and insist on two ports instead of one, but STARTTLS was the recommended approach back then... We were always at war with STARTTLS? -- Zash

Re: [Standards] Fwd: [Uta] STARTTLS vulnerabilities

2021-08-11 Thread Sam Whited
In my experience it's widely supported these days. Out of the 119 providers on the jabber.at server list 74 of them (62%) have xmpps records (though I did not test whether these resulted in a successful connection with a reasonable TLS configuration). I also don't know if clients prioritize these

Re: [Standards] Fwd: [Uta] STARTTLS vulnerabilities

2021-08-11 Thread Peter Saint-Andre
Too bad we didn't stick to our guns in 2003 and insist on two ports instead of one, but STARTTLS was the recommended approach back then... On 8/11/21 2:13 PM, Philipp Hancke wrote: > tl;dr: it's a mess. What is the deployment state of xep-0368? > > On 11.08.21 at 19:08, Peter Saint-Andre wrote:

Re: [Standards] Fwd: [Uta] STARTTLS vulnerabilities

2021-08-11 Thread Philipp Hancke
tl;dr: it's a mess. What is the deployment state of xep-0368? On 11.08.21 at 19:08, Peter Saint-Andre wrote: Perhaps of interest here... Forwarded Message Subject: [Uta] STARTTLS vulnerabilities Date: Wed, 11 Aug 2021 17:42:40 +0200 From: Hanno Böck To: u...@ietf.org Hi,