-
andol
So, for the testing tomorrow, are we just requiring starttls, or are we also requiring proper certs?
-
andol
See that http://xmpp.org/2014/03/third-security-test-day/ says "full encryption", whatever that now means.
-
stpeter
andol: please see the manifesto
-
stpeter
https://github.com/stpeter/manifesto/blob/master/manifesto.txt
-
stpeter
o require the use of TLS for both client-to-server and server-to-server connections, preferably with authentication (RFC 6125) but as a fallback using unauthenticated encryption in the form of TLS plus Server Dialback
-
andol
Ok, thanks.
-
stpeter
but you're right
-
stpeter
I just changed "full encryption" to "TLS encryption required"
-
stpeter
http://xmpp.org/2014/03/third-security-test-day/ updated