[Members] XMPP and DNSSEC
Peter Saint-Andre
stpeter at stpeter.im
Fri Feb 28 00:10:53 UTC 2014
On 1/17/14, 2:32 PM, Dave Cridland wrote:
>
> On 17 Jan 2014 18:27, "Simon Tennant" <simon at buddycloud.com> wrote:
> >
> > On 17 January 2014 13:39, Dave Cridland <dave at cridland.net> wrote:
> >>>
> >>> multi-tenant XMPP hosting + security isn't possible
> >>
> >> That's incorrect; it's generally made more difficult by services
> >> having to have valid certificates for the domain hosted, which is quite
> >> difficult for large third-party hosting providers. It is absolutely NOT
> >> impossible, though, and large scale HTTP providers do just this.
> >
> >
> > How do you propose the hosting provider vouch for you without handing
> > over your private key?
>
> As I say, large scale HTTP providers work in exactly this way.
> "Impossible" is too strong a word here. FWIW, Google's main concern was
> not holding the keying material, but the logistics of holding
> certificates for all the domains, as I recall.
Well, I have talked with someone at Akamai and they have exactly this same
problem. I don't know how they solve it, or if they do, because this
person said they could really use something like POSH for HTTPS, but of
course then it's turtles all the way down since POSH bootstraps off HTTPS.
Peter