RFC 7525: SSL/TLS Best Practices

by Peter Saint-Andre


Internet security is very important to me. That's why I pushed hard last year to encrypt the XMPP network. It's also why I've been working on two specifications at the IETF that document major attacks on SSL/TLS as well as best practices for preventing those attacks on a wide range of Internet applications (websites, mobile apps, email, messaging, etc.). I'm happy to report that those best practices were published today as RFC 7525 and that before long we'll also be strengthening the use of TLS in XMPP to further enhance the security profile of the XMPP network. Is that security perfect? No, because we still need end-to-end encryption and several other improvements (indeed, our work is never over because the attacks keep getting better, too). But we're doing what we can within the confines of existing technologies to make Internet applications as secure as possible. Onward and upward!
