-
Guus
Ge0rG: sorry to disappoint you. 😉
-
jonasw
Ge0rG, I also strongly had the impression that the Opportunistic TLS term is wrong
-
jonasw
but then I looked at wikipedia, and following the wikipedia definition it seems to be right
-
jonasw
it just isn’t what it is used for everywhere else, from my perception
-
Kev
Opportunistic TLS is using TLS whenever it's available, and not caring about authentication.
-
jonasw
pretty much, yes
-
jonasw
at least that’s my understanding of it
-
jonasw
which is why I think that term is massively incorrect and misleading for XMPP.
-
Guus
"Opportunistic TLS (Transport Layer Security) refers to extensions in plain text communication protocols, which offer a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted communication. Several protocols use a command named "STARTTLS" for this purpose."
-
jonasw
Guus, that’s the wikipedia definition, I don’t think wikipedia is necessarily right in those matters.
-
jonasw
I’ve been in the SMTP community for quite some time, and there the term Opportunistic TLS definitely refers to "we just do STARTTLS if available and don’t care about authn"
-
Guus
Please fix Wikipedia then. :)
-
Guus
on a completely different subject: our domain is having trouble doing s2s to both jabber.org as well as xmpp.org
-
Guus
did something change there?
-
Guus
can someone help me debug on that end what's going on?
-
Flow
What Kev said plus that you continue without TLS in case it's not available (at least that's my understanding)
-
jonasw
Flow, indeed
-
Flow
So an XMPP client library set to "TLS required" performing STARTTLS successfully would not be "Opportunistic TLS"
-
jonasw
indeed
-
Flow
I don't think that's bike shedding, after all, there seems to be some confusion about what it is
-
jonasw
I agree
-
Flow
jonasw: :)
-
jonasw
and given what Opportunistic TLS means in e.g. SMTP context, I think it would be *very* bad to have that tacked on XMPP
-
Flow
and somebody should clarify it on wikipedia
-
jonasw
agreed
-
jonasw
hard to find reliable sources though
-
Flow
well psa gave some references to RFCs
-
Flow
I'd possibly do some wikipedia editing myself
-
Flow
but after I've mowed the lawn
-
jonasw
> Most SMTP clients will then send the email and possibly passwords in plain text, often with no notification to the user. In particular, many SMTP connections occur between mail servers, where user notification is not practical.
-
jonasw
that sentence from the article is also highly misleading
-
moparisthebest
I think we keep calling it STARTTLS and just explicitly link to that part of the xmpp rfc
-
moparisthebest
That seems like it would prevent any confusion?
-
moparisthebest
https://xmpp.org/rfcs/rfc3920.html#tls
-
moparisthebest
Any Dev reading xep368 will know that and it uses STARTTLS
-
Flow
moparisthebest: did you just use the old RFC on purpose?
-
tux
Maybe servers should deliver old RFCs only after filling out at least two paragraphs on why the download is necessary. Or a quiz about relevant content of the updating RFC.
-
moparisthebest
Flow: no just first search result :)