[jdev] virtual hosting and certificate checking

Peter Saint-Andre stpeter at jabber.org
Wed Mar 1 17:49:51 CST 2006

Hash: SHA1

Trejkaz wrote:
> Gary Burd wrote:
>> A couple of snips from the conversation:
>>> For hosting providers it's usually an up-sell to your
>>> customers to add security
>>> because it's each domain owner's responsibility to
>>> manage their own certificate.
>> Extra cost and responsiblity can impede XMPP adoption.
> Look, if people don't want TLS, we're not forcing them to use it. 

Well, but we want people to use TLS. If it's too difficult, then we'll
have a less secure network. And that seems like a Bad Thing even if it's
not our fault.

> There are other ways to streamline these things, such as making it
> easier for people running an XMPP server to get a certificate.
> As far as "cost", http://www.cacert.org/ -- use it, love it, urge
> everyone to add their root certificate.

Yes, CAcert is great and I've been working with them to get support for
id-on-xmppAddr into their certs. But that doesn't necessarily make it
easier for people who are hosting a *lot* of XMPP domains to support TLS.


- --
Peter Saint-Andre
Jabber Software Foundation

Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20060301/5e1eee67/attachment-0002.bin>

More information about the JDev mailing list