[Standards] compliance: cert(s)
Matthias Wimmer
m at tthias.eu
Fri Jun 15 15:32:37 CDT 2007
Hi Justin!
Justin Karneges wrote:
> The XSF runs an ICA, but that alone is not enough of a reason for XMPP
> developers and users to trust it. The reason the XMPP ICA is interesting is
> because it is under StartCom control, and StartCom is widely trusted. To
> better understand what I mean, just imagine if the XMPP CA was an independent
> root CA. The value comes not from the XSF's booming voice, but from
> StartCom. :)
> Anyway, there's nothing wrong with having a recommendation, and I see you've
> already published new versions of the XEP with it. However, it does come off
> as an advertisement, which is a strange thing to have in a XEP. You could
> just as well advertise Equifax, I'm sure they have a number of XMPP domain
> certificates issued too.
>
> Right, bundling does have value. The Psi 0.11 release candidate ships the
> StartCom root, for example. However, Psi only does this because Mozilla does
> this. Really, it is important here to realize who is in a position to vouch
> for trust. XSF and Psi are unable to do this, but the Mozilla Foundation is,
> and so that's the authority Psi draws from, *not* any XSF recommendation.
+3 ... one for each chapter ...
While I do bundle the StartCom root certificate with jabberd14 as well,
I also do not do this because of any XEP.
Me as well, I would consider it at least very strange if any XEP
advertises or recommends any certification authority. You also won't
find any recommended CA in RFC 2818 (HTTP over TLS).
Matthias
--
Matthias Wimmer Fon +49-700 77 00 77 70
Züricher Str. 243 Fax +49-89 95 89 91 56
81476 München http://ma.tthias.eu/