[jdev] virtual hosting and certificate checking

Peter Saint-Andre stpeter at jabber.org
Wed Mar 1 17:49:51 CST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Trejkaz wrote:
> Gary Burd wrote:
>> A couple of snips from the conversation:
>>
>>> For hosting providers it's usually an up-sell to your
>>> customers to add security
>>
>>> because it's each domain owner's responsibility to
>>> manage their own certificate.
>>
>> Extra cost and responsiblity can impede XMPP adoption.
> 
> Look, if people don't want TLS, we're not forcing them to use it. 

Well, but we want people to use TLS. If it's too difficult, then we'll
have a less secure network. And that seems like a Bad Thing even if it's
not our fault.

> There are other ways to streamline these things, such as making it
> easier for people running an XMPP server to get a certificate.
> 
> As far as "cost", http://www.cacert.org/ -- use it, love it, urge
> everyone to add their root certificate.

Yes, CAcert is great and I've been working with them to get support for
id-on-xmppAddr into their certs. But that doesn't necessarily make it
easier for people who are hosting a *lot* of XMPP domains to support TLS.

Peter

- --
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEBjMfNF1RSzyt3NURArkfAJ4nBianzS/6O8hMqAO6hWQxfbg0ugCghJEo
i9QdOduxMWNmN0cJwNogV4Y=
=jWZG
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20060301/5e1eee67/attachment-0002.bin>


More information about the JDev mailing list