[Members] Distrusting new StartSSL certs

Peter Saint-Andre stpeter at stpeter.im
Tue Oct 25 23:08:52 UTC 2016


On 10/25/16 3:26 PM, Arc Riley wrote:
> https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

Yes, I read that too. It's a sad day, given that the XMPP community did 
some good work with StartCom about 10 years ago. Nothing lasts forever.

> I think its come time for XMPP servers to start going the same. There's
> no point using TLS when you accept certs from untrustable sources.

I expect that most XMPP software applications use certificate bundles 
from outside sources (such as the underlying OS or Mozilla), and I 
expect that most of those sources will be making similar policy 
decisions soon given the malfeasance involved with WoSign/StartCom.

Peter




More information about the Members mailing list