[Standards] compliance: cert(s)

Peter Saint-Andre stpeter at jabber.org
Fri Jun 15 14:45:50 CDT 2007


Justin Karneges wrote:
> On Friday 15 June 2007 11:03 am, Peter Saint-Andre wrote:
>> Mridul Muralidharan wrote:
>>> Justin Karneges wrote:
>>>> On Thursday 14 June 2007 2:59 pm, Peter Saint-Andre wrote:
>>>>> Would it be appropriate to recommend that client and server developers
>>>>> bundle support for the root certificate under which the XMPP ICA issues
>>>>> domain certificates?
>>>> The XSF is not in a position to vouch for the trustworthiness of a
>>>> certificate authority.
>>> +1
>> The XSF runs the XMPP Intermediate Certification Authority, so I'd hope
>> we can trust it. We do not run the root CA upon which the XMPP ICA depends.
> 
> The XSF runs an ICA, but that alone is not enough of a reason for XMPP 
> developers and users to trust it.  The reason the XMPP ICA is interesting is 
> because it is under StartCom control, and StartCom is widely trusted.  To 
> better understand what I mean, just imagine if the XMPP CA was an independent 
> root CA.  The value comes not from the XSF's booming voice, but from 
> StartCom. :)
> 
> Anyway, there's nothing wrong with having a recommendation, and I see you've 
> already published new versions of the XEP with it.  However, it does come off 
> as an advertisement, which is a strange thing to have in a XEP.  You could 
> just as well advertise Equifax, I'm sure they have a number of XMPP domain 
> certificates issued too.

The XEP says that developers "should consider" bundling it. That's a 
pretty weak suggestion and it is in the implementation notes without 
all-caps conformance language. Use your best judgment about how to proceed.

/psa

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/standards/attachments/20070615/234cd5cf/smime.bin


More information about the Standards mailing list