[jitsi-dev] Fwd: RE: "The State of TLS on XMPP" by Thijs Alkemade


#1

Ingo is currently unable to access e-mail so he has asked me to resend these on his account:


-------- Original Message --------
Subject: RE: [jitsi-dev] "The State of TLS on XMPP" by Thijs Alkemade
Date: Fri, 4 Oct 2013 14:53:44 +0000
From: Ingo Bauersachs

- Yes, we do use the Java defaults - which explains the Linux/Windows differences
- I don't like the idea of having different sets of TLS settings for every protocol. Heck, even having a specific RFC for a/every protocol using SSL/TLS is ridiculous. This should be (and AFAIK is) part of a generic TLS RFC. So with all the respect to Peter, this RFC should IMO be withdrawn.
- The configurable options sound nice, but should be protocol independent (which gets difficult because jain-sip mingles with the defaults set to the JRE).
- Concerning the specific use of insecure ciphers on Linux, this should probably be brought to the attention of the JRE package maintainers as it affects all software using Java's TLS.

Kind regards
Maklerzentrum Schweiz AG

Ingo Bauersachs
MSc FHNW in Computer Sciences

IT, System Integration

If you have received this message in error, please contact the sender and delete this message with all attachments from your system.
-----Original Message-----
From: dev-bounces@jitsi.org [mailto:dev-bounces@jitsi.org] On Behalf Of Andreas Kuckartz
Sent: Thursday, 5 September 2013 11:53
To: Jitsi Developers
Subject: [jitsi-dev] "The State of TLS on XMPP" by Thijs Alkemade

The recent three-part series "The State of TLS on XMPP" by Thijs Alkemade is interesting for some Jitsi developers:
https://blog.thijsalkema.de/

Part 3 is evaluating XMPP clients (including Jitsi) but the other parts are also very relevant regarding security.

Cheers,
Andreas
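
The message above says Jitsi relies on the Java TLS defaults, that these differ between Linux and Windows, and that any restriction should be protocol independent. The following is an added example, not Jitsi's code and not from the thread: it lists the cipher suites the local JRE enables by default and applies one shared filter. The class name, the `WEAK` marker list and the `harden` helper are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.List;

public class TlsDefaultsAudit {
    // Assumed policy for this example: name fragments of suites treated as weak.
    static final String[] WEAK = {"_NULL_", "_anon_", "_EXPORT", "_RC4_", "_DES_", "_DES40_", "_MD5"};

    static boolean isWeak(String suite) {
        for (String marker : WEAK) {
            if (suite.contains(marker)) return true;
        }
        return false;
    }

    // One filter for every protocol stack: the result can be handed to
    // SSLSocket.setSSLParameters() or SSLEngine.setSSLParameters() regardless
    // of whether the connection carries XMPP, SIP or HTTP.
    static SSLParameters harden(SSLParameters defaults) {
        List<String> keep = new ArrayList<>();
        for (String suite : defaults.getCipherSuites()) {
            if (!isWeak(suite)) keep.add(suite);
        }
        return new SSLParameters(keep.toArray(new String[0]), defaults.getProtocols());
    }

    public static void main(String[] args) throws Exception {
        // What this JRE build enables when the application sets nothing itself.
        SSLParameters defaults = SSLContext.getDefault().getDefaultSSLParameters();
        System.out.println(System.getProperty("java.vendor") + " "
                + System.getProperty("java.version") + " on " + System.getProperty("os.name"));
        for (String suite : defaults.getCipherSuites()) {
            System.out.println((isWeak(suite) ? "WEAK  " : "ok    ") + suite);
        }
        SSLParameters hardened = harden(defaults);
        System.out.println(hardened.getCipherSuites().length + " of "
                + defaults.getCipherSuites().length + " default suites kept");
    }
}
```

Running it on each platform's JRE package and comparing the output shows where the packaged defaults diverge.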



#2

Maybe. These various documents will likely be harmonized eventually,
but from my perspective the more pressing concern is strengthening the
XMPP network. And personally I see no harm in making XMPP more secure
than, say, HTTP or SIP or SMTP.

Peter

P.S. It's not an RFC -- as Emil knows from experience, an early
Internet-Draft is very far from being an RFC. :)


On 10/13/2013 04:48 AM, Emil Ivov wrote:

-------- Original Message --------
Subject: RE: [jitsi-dev] "The State of TLS on XMPP" by Thijs Alkemade
Date: Fri, 4 Oct 2013 14:53:44 +0000
From: Ingo Bauersachs

- Yes, we do use the Java defaults - which explains the Linux/Windows differences
- I don't like the idea of having different sets of TLS settings for every protocol. Heck, even having a specific RFC for a/every protocol using SSL/TLS is ridiculous. This should be (and AFAIK is) part of a generic TLS RFC. So with all the respect to Peter, this RFC should IMO be withdrawn.