[JDEV] Dialback and STARTTLS
justin-keyword-jabber.093179 at affinix.com
Fri Nov 21 03:34:41 CST 2003
On Thursday 20 November 2003 11:39 pm, Matthias Wimmer wrote:
> Justin Karneges schrieb am 2003-11-20 16:46:46:
> > I hope you're not planning on using a cert-less TLS between servers.
> > That would be a really bad precedent to set.
> There are not much servers with certificates signed by one of the big CAs -
> I know none. Therefore we still need dialback. But it would be nice
> for this connections to be at least protected against passive attacks by
> encrypting the stream.
> I agree that this is not how it should be ideally, but it wouldn't help
> XMPP/Jabber if we require each server to own a commercial certificate as
> we would loose most if not all free servers.
Yes, this is the unfortunate reality.
I have always wondered if maybe the JSF could act as an independent CA, to
create free certs for everyone. It would mean that servers (and clients too,
I suppose) would have to bundle the JSF certificate, but this would not be a
I'm not sure how the JSF would handle proper identification of those who
apply.. Maybe it could just be a simple first-come first-serve thing, and
if someone else gets a cert for your domain before you do, then you can ping
stpeter to resolve the dispute. ;-)
But then maybe I'm asking for too much, considering jabber.org still has an
invalid certificate. :P
More information about the JDev