[Operators] Future of XMPP Re: The Google issue

Jesse Thompson jesse.thompson at doit.wisc.edu
Tue Dec 3 16:24:05 UTC 2013


On 11/28/13, 7:44 AM, Moonchild wrote:
> On 28/11/2013 13:44, Solomon Peachy wrote:
>> The second is that every XMPP service operator is required to pay for a
>> third-party for a TLS certificate.  This isn't a large cost in absolute
>> terms, but does raise the bar for entry, and represents an ongoing cost.
>>   (Anectdotally, most smaller operators, myself included, were using
>> self-signed certs to enable secure C2S credential exhange.)
>
> So what about the Free-of-charge server SSL providers like StartSSL? I'm
> using them for a few services (including XMPP) and it doesn't cost me
> anything - while still having a valid and verified chain.
>
> Meaning: this (ongoing) cost shouldn't have to be a problem as long as there
> is still at least one provider willing to offer free SSL certificates to
> small/noncommercial entities, making the argument a purely political one.

It's not just monetary costs.  It's maintenance costs too.  We have 250 
email domains.  And, our team is not authoritative to obtain/handle 
private keys for all of those domains.  We've not enabled XMPP for all 
of our domains primarily due to the projected cost/hassle with managing 
250 certificates for customers.

We need POSH

Jesse
UW-Madison


More information about the Operators mailing list