stpeter
commented
9 years ago The manifesto was not intended to be a living document, but a way to garner support for the switch to an encrypted network. We have https://datatracker.ietf.org/doc/rfc7590/ and https://datatracker.ietf.org/doc/rfc7525/ as a way to capture the current state of security recommendations for TLS and XMPP, but of course that will change too. I'll start a thread on the operators@xmpp.org discussion list to gauge how the community would like to proceed.
The current version of the manifesto accepts SSLv3. Latest news showed that this isn't secure anymore. Maybe we should update the manifesto to diable SSL completely and only use TLS instead.