[jadmin] trusted federation

Peter Saint-Andre stpeter at stpeter.im
Fri Jan 18 09:54:11 CST 2008

oliver bril wrote:
> I work for a very large company and we sell these kind of services (mail 
> , relay, xmpp etc). Because we sell these services to customers we have 
> the rule that everything needs to be secured with certificates or vpn's. 
> But it is not always easy , there are hundreds of ways we have to create 
> our certificates, I cannot always convert one certificate format into 
> another (like I had to do when I implemented a load balancer).  So if 
> you want to make everything secure with valid certificates you have make 
> sure the procedure for requesting/implementing these certificates is 
> very easy and that the certificates will be free. We use verisign 
> certificates and they are not cheap. 

We run an intermediate certification authority for the XMPP network and 
it gives out free certificates:


I can't promise that the procedures are as easy as they could be, but 
we're working on that.

> I think it still needs to be a choice people make. Normally when I want 
> to take a look at a program I install it very basic (so without 
> certificates) and test it. If I like it I'll go on. I think there is a 
> possibility that you will loose some people if you force them to use 
> certificates.


> What if you do the following things to make people aware it would be a 
> very good idea to take a look at securing things:
> 1. write a statement to the log files every hour that the server is not 
> secured and that this can be done for free.


> 2. if someone doesn't secure its server sent a message to the admin 
> account every hour.

Heh that seems a bit annoying -- the admins will just send those to 
/dev/null after a day or so. :)

> This prevents that you loose people but perhaps they get annoyed by 
> these messages and will secure their server.

Yes we need ideas like that. I'm sure there are other ways to prod 
admins into getting certificates. Maybe once the traffic levels reach a 
certain point between two servers, the peer server sends a message to 
the admins?


Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jadmin/attachments/20080118/79ee1f5d/attachment-0003.bin>

More information about the JAdmin mailing list