[Operators] domain hosting and certificates
jesse.thompson at doit.wisc.edu
Mon Mar 10 09:07:26 CDT 2008
Florian Jensen wrote:
> I don't see the main problem being the clients. We plan on hosting many
> domains on our new Dynamic Cluster for XMPP, so this topic is very
> interesting for me.
Well, the clients are only a problem when you want to use mismatched
certificates. It would be *helpful* if the clients would provide a
friendly interface that allows users to say: yes, I trust
foo.hosting.provider when connecting to my.domain.org
> We use the Certificates from the XSF-ICA. I would like to have some type
> of account where I can manage 300 Certificates or more, check their
> Expiry Date, and renew them. Also create new Certificate without filling
> out all information again.
Yes, I agree. This process does not scale well.
> Then there is the problem of mail verification. What do you guys do when
> you create certificates? We don't host all the domains which are on the
> XMPP Cluster. Mail verification to hostmaster@ etc. is not possible in
> that case.
They accept postmaster@ as valid authorization. Most of our domain
administrators delegate their postmaster duties back to us. For those
that don't, I expect that they would have to forward the verification
> How do you guys manage this?
We don't. We're hoping that a less labor intensive solution will
present itself. Until then, we are using one signed certificate, and
dealing with the client/usability blowback.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3340 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/operators/attachments/20080310/c4a2d30f/attachment.bin
More information about the Operators