XMPP Service Operators - 2014-03-21

  1. andol

    So, for the testing tomorrow, are we just requiring starttls, or are we also requiring proper certs?

  2. andol

    See that http://xmpp.org/2014/03/third-security-test-day/ says "full encryption", whatever that now means.

  3. stpeter

    andol: please see the manifesto

  4. stpeter


  5. stpeter

    o require the use of TLS for both client-to-server and server-to-server connections, preferably with authentication (RFC 6125) but as a fallback using unauthenticated encryption in the form of TLS plus Server Dialback

  6. andol

    Ok, thanks.

  7. stpeter

    but you're right

  8. stpeter

    I just changed "full encryption" to "TLS encryption required"

  9. stpeter

    http://xmpp.org/2014/03/third-security-test-day/ updated