[Members] Lets Encrypt and XMPP
bschumac at cisco.com
Wed Dec 3 16:51:32 UTC 2014
You might want to jump on the mailing list for ACME and chime in on the
debate, if you have opinions. You can find details here:
You might consider joining the ACME mailing lists which is actively
discussing the topic of how validation might work. If you're interested
in providing feedback on what is the best way to proceed.
At any rate, I think it's a pretty awesome project and look forward to
seeing where it goes.
On 12/3/14 1:35 AM, Simon Tennant wrote:
> It turns out that a good friend of mine
> (https://www.eff.org/about/staff/seth-schoen) at the EFF was working on
> the wire protocol for Lets Encrypt [and couldn't say anything about it
> for the last 6 months].
> Two weeks ago I reached out to him about supporting XMPP.
> Here's his answer:
> > Last night at the XMPP Standards Foundation board meeting we discussed how
> > (and with whom we should talk?) we could add support for XMPP servers to
> > validate their domains.
> Thanks! There's a pretty big debate going on right now about validation
> and cert issuance for non-HTTPS protocols.
> I think the best summary is that it's going to be hard enough to launch
> with HTTPS validation, so people should do the HTTPS validation step
> with a web server (we can even provide a dummy one -- I'm working on
> code for that now) and then load that into other services. Eventually
> the Let's Encrypt CA can figure out whether we want to officially
> directly support issuance of certs based on TLS verification of things
> other than HTTPS, but right now software will accept the same cert for
> multiple services (unless we can figure out a way to prevent it from
> doing so), so you can get the cert for your (possibly ephemeral) HTTPS
> server and then deploy it in your XMPP server.
> Simon Tennant | Founder & CEO | Buddycloud <http://buddycloud.com> | +49
> 17 8545 0880
More information about the Members