[jdev] Re: TLS and self-signed certs

Peter Saint-Andre stpeter at jabber.org
Mon Nov 15 13:44:03 CST 2004

In article <3eb0429d0411121321370e5c99 at mail.gmail.com>,
 David Waite <dwaite at gmail.com> wrote:

> If Jabber servers had started with S2S defaulting to SSL, then trusted
> issuers would be the only way to make the server administration scale.
> Since we did not, servers really can only require SSL in environments
> where you are pairing with a limited number of other servers; for
> these environments, using manually entered self-signed certificates is
> usually the way to go.

Well, as you recall, we didn't even have dialback in jabberd 1.0. :-) 
However, I think it is possible for us to upgrade the network now by 
defaulting to TLS/SASL for XMPP s2s. And one way to do that is to set up 
a server registry (or "certification authority" if people like that 
language) for XMPP servers. I'm in the midst of exploring that now but I 
don't have much to report yet.


More information about the JDev mailing list