[Standards] compliance: cert(s)
Peter Saint-Andre
stpeter at jabber.org
Fri Jun 15 14:45:50 CDT 2007
Justin Karneges wrote:
> On Friday 15 June 2007 11:03 am, Peter Saint-Andre wrote:
>> Mridul Muralidharan wrote:
>>> Justin Karneges wrote:
>>>> On Thursday 14 June 2007 2:59 pm, Peter Saint-Andre wrote:
>>>>> Would it be appropriate to recommend that client and server developers
>>>>> bundle support for the root certificate under which the XMPP ICA issues
>>>>> domain certificates?
>>>> The XSF is not in a position to vouch for the trustworthiness of a
>>>> certificate authority.
>>> +1
>> The XSF runs the XMPP Intermediate Certification Authority, so I'd hope
>> we can trust it. We do not run the root CA upon which the XMPP ICA depends.
>
> The XSF runs an ICA, but that alone is not enough of a reason for XMPP
> developers and users to trust it. The reason the XMPP ICA is interesting is
> because it is under StartCom control, and StartCom is widely trusted. To
> better understand what I mean, just imagine if the XMPP CA was an independent
> root CA. The value comes not from the XSF's booming voice, but from
> StartCom. :)
>
> Anyway, there's nothing wrong with having a recommendation, and I see you've
> already published new versions of the XEP with it. However, it does come off
> as an advertisement, which is a strange thing to have in a XEP. You could
> just as well advertise Equifax, I'm sure they have a number of XMPP domain
> certificates issued too.
The XEP says that developers "should consider" bundling it. That's a
pretty weak suggestion and it is in the implementation notes without
all-caps conformance language. Use your best judgment about how to proceed.
/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/standards/attachments/20070615/234cd5cf/smime.bin
More information about the Standards
mailing list