#946 Evaluate reintroducing s2s_require_encryption in the default configuration for 0.10
Reporter
Link Mauve
Owner
Nobody
Created
Updated
Stars
★ (1)
Tags
Status-Fixed
Priority-Medium
Milestone-0.10
Type-Enhancement
Link Mauve
on
Description of feature:
s2s_require_encryption has been removed from the distributed configuration file in 5409:8e98a58ab6a3 (April 2013), on the basis that people would switch to s2s_secure_auth. Four years later, there are still way too many self-signed, expired or invalid certificates in the wild for most administrators to enable unconditional certificate validation, while unconditional encryption is in much closer reach.
Therefore, I propose to reintroduce s2s_require_encryption in the distributed config file and set it to true by default, in order to hasten its adoption by the entire network.
Zash
on
We should consider this. And the decision predates the whole Snowden thing which highlighted that unauthenticated encryption is still valuable.
Because config changes require matching changes to our packages, such changes are best done close to the release when we'll be updating the package anyways.