[jdev] Re: TLS and self-signed certs
stpeter at jabber.org
Mon Nov 15 13:44:03 CST 2004
In article <3eb0429d0411121321370e5c99 at mail.gmail.com>,
David Waite <dwaite at gmail.com> wrote:
> If Jabber servers had started with S2S defaulting to SSL, then trusted
> issuers would be the only way to make the server administration scale.
> Since we did not, servers really can only require SSL in environments
> where you are pairing with a limited number of other servers; for
> these environments, using manually entered self-signed certificates is
> usually the way to go.
Well, as you recall, we didn't even have dialback in jabberd 1.0. :-)
However, I think it is possible for us to upgrade the network now by
defaulting to TLS/SASL for XMPP s2s. And one way to do that is to set up
a server registry (or "certification authority" if people like that
language) for XMPP servers. I'm in the midst of exploring that now but I
don't have much to report yet.
More information about the JDev