[Operators] Future of XMPP Re: The Google issue

Peter Saint-Andre stpeter at stpeter.im
Tue Dec 3 17:24:19 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/3/13 9:24 AM, Jesse Thompson wrote:
> On 11/28/13, 7:44 AM, Moonchild wrote:
>> On 28/11/2013 13:44, Solomon Peachy wrote:
>>> The second is that every XMPP service operator is required to
>>> pay for a third-party for a TLS certificate.  This isn't a
>>> large cost in absolute terms, but does raise the bar for entry,
>>> and represents an ongoing cost. (Anectdotally, most smaller
>>> operators, myself included, were using self-signed certs to
>>> enable secure C2S credential exhange.)
>> 
>> So what about the Free-of-charge server SSL providers like
>> StartSSL? I'm using them for a few services (including XMPP) and
>> it doesn't cost me anything - while still having a valid and
>> verified chain.
>> 
>> Meaning: this (ongoing) cost shouldn't have to be a problem as
>> long as there is still at least one provider willing to offer
>> free SSL certificates to small/noncommercial entities, making the
>> argument a purely political one.
> 
> It's not just monetary costs.  It's maintenance costs too.  We have
> 250 email domains.  And, our team is not authoritative to
> obtain/handle private keys for all of those domains.  We've not
> enabled XMPP for all of our domains primarily due to the projected
> cost/hassle with managing 250 certificates for customers.
> 
> We need POSH

We need POSH for authenticated encryption. If people think that
unauthenticated encryption is good enough for some purposes, then they
don't need POSH or DANE/DNSSEC. Personally I'd prefer authenticated
encryption, so I still think that POSH is useful in the short to
medium term and DANE/DNSSEC is useful in the long term.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSnhPDAAoJEOoGpJErxa2p6UsP/2Cd/qbQi2u2n0q5nna4hVTQ
oCPjz5SYgq6uF2e/ZngUOKUuBqqepjQkLxIO4L/Cq+c+hTq2PSX+l0QBg95O3lYx
XHK/iw5wvda6qugS2QfQ8SRK3TEZz/eVO8crqr/oS4sppc1LyNSy1hAID+gnJzoT
U+rgXOG4FU2CzrcLAZnORi35vFXUGp8Epzpw0IXb4vQOZg0MV+DzaloNXwPPsBwo
+S3MAZFZujrKiBMPpah5m6Gn4wjmelrVkyu2fUjl1THhaG8bVPYz/GoUv0A1Q+zy
2y3tmPyauVd09QWSgQqKiy3iGKAph79ElYXY+BjsneBVLuaLPXUqwTLiu9R9XTwF
1vVy1qorGMeXTOYvLHowui0YQWoyzTVxfpXr4e6OmjPiVLMBeLHQpNZ5+3yIA3S1
Qezx/5czq0jNYEPvUNOX+JEsjXkGDz4W8I9UrlsI9omKEsSd+2gzU8Bp427JI7yH
OY3lrlIe7WCVsxIjK/KFyqFp0pX/UxWX9pB25EL20LjWPhzCK/Hd2lxgKcqAdSSa
zJWr4DN9rO6tQ+mW7B4zHF3I5ElhfvJjjOzF/0d6nNU2e4rAy6o5Les6KvNJnKFK
pv+db5vxfF3QcHfOT7sJPzTqjpLlOW8AUYGLosbcoIze1Q4H5TVHeMnsBUhs8JOi
kiOx0w3kyZEH2a8UGGF9
=y3Po
-----END PGP SIGNATURE-----


More information about the Operators mailing list