[jdev] TLS Everywhere

Philipp Hancke fippo at goodadvice.pages.de
Sat Nov 2 16:35:22 UTC 2013


> Whereas the deployment piece says
>> o require the use of TLS for both client-to-server and server-to-server
>> connections
>
> Doesn't that exclude Server Dialback? Please help me understand this.

No. You use this (called starttls+dialback) if, after setting up TLS, you
notice that you can't trust the peer certificate for strong authentication.

So you have an encrypted stream from TLS and the relatively robust 
spoofing protection from dialback. It's safe from passive attacks.
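
The decision described in this reply, as an added example that is not part of the original post: a server-to-server policy that requires TLS and falls back to dialback over the encrypted stream when the peer certificate cannot be trusted. The function names, mode labels and sample domains are assumptions; the key derivation follows the HMAC-SHA256 construction recommended in XEP-0185, with the hex digest of the secret used as the HMAC key.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class TlsResult:
    established: bool   # STARTTLS negotiation completed
    cert_trusted: bool  # peer certificate validated for the claimed domain


def choose_s2s_auth(tls: TlsResult) -> str:
    """Pick the authentication mode for a server-to-server stream."""
    if not tls.established:
        return "reject"             # policy: TLS is required on every s2s link
    if tls.cert_trusted:
        return "tls-certificate"    # strong authentication from the certificate
    # Encrypted stream, peer identity checked by dialback instead.
    return "starttls+dialback"


def dialback_key(secret: str, receiving: str, originating: str, stream_id: str) -> str:
    """Dialback key: HMAC-SHA256 keyed with SHA-256(secret), bound to this stream."""
    key = hashlib.sha256(secret.encode()).hexdigest().encode()
    msg = f"{receiving} {originating} {stream_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_dialback(secret: str, receiving: str, originating: str,
                    stream_id: str, presented: str) -> bool:
    """Authoritative server's check of a key presented by the receiving server."""
    expected = dialback_key(secret, receiving, originating, stream_id)
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    untrusted = TlsResult(established=True, cert_trusted=False)
    print(choose_s2s_auth(untrusted))
    key = dialback_key("constructed-secret", "b.example", "a.example", "stream-1")
    print(verify_dialback("constructed-secret", "b.example", "a.example", "stream-1", key))
```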

