[jdev] Hosting issues

Hal Rottenberg halr9000 at gmail.com
Thu Sep 15 10:16:31 CDT 2005

> 2) TLS and s2s
> My users will not have certs for their domains, and even if they did,
> I wouldn't want to be responsible for keeping their private keys
> secret.  TLS is not an option for my service.

Why not?  You might think about obtaining cacert certs during
provisioning as a part of your service.  You can own the private key
for jabber.domain.com and that would not conflict with any domain.com
certificates they may already have.  Then as discussed their DNS host
would put an SRV record to point to your jabber server.  I think that
would work anyway...

> The XMPP specification says that the name in the cert should match
> domain part of the user's id. This is a problem because I will not
> have the cert for my users' domains as mentioned above.

Hmm, I guess that blows my idea out of the water!

Psi webmaster (http://psi-im.org)
im:hal at jabber.rocks.cc

More information about the JDev mailing list