Tomorrow many of the folks who run public (and some that run private) facing XMPP servers will be doing a ubiquitous security test of the XMPP network.
Like the IPv6 test days, on the 4th January XMPP server operators are turning on TLS encryption for s2s and c2s connections and testing to see what doesn’t work and what needs more work.
The participants of this effort would like you to join others in the XMPP community and help secure users private communications.
They are inviting you to join other operators and secure XMPP.
Answers to common questions:
Q: how do I test my site’s security? A: use http://xmpp.net to run a test against your domain. For help enabling full TLS encryption, check out the Securing XMPP wiki page or contact your XMPP server vendor.
Q: But what if things break? A: This is a just a test. The changes will be rolled back on 5th January until the next test the following month.
Q: Can’t you test this all before and then switch? A: In theory everything should work. In reality it’s better to test, rollback, fix, re-test.
Q: Where do I discuss this? A: Join the operators mailing list: https://mail.jabber.org/mailman/listinfo/operators
Q: I heard there is a manifesto? A: Indeed - if you are a server operator and want to publicly show your support for secure user communications, sign up (with a pull request) at https://github.com/stpeter/manifesto
The operators are all looking forward to the go-live date of May 19, 2014 and excited for this huge step.
Thanks for playing your part.