[Operators] Obtaining XMPP-enabled certificate for server

Thomas Camaran camaran at gmail.com
Tue Jul 19 14:09:32 UTC 2016


I think the very question is: it's possible to use srv and let's encrypted
certificate? and if yes how with prosody?

2016-07-19 16:06 GMT+02:00 Sam Whited <sam at samwhited.com>:

> On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson <simon at josefsson.org>
> wrote:
> > I wonder if people really care about this usage any more -- it does not
> > scale well (all domains have to be encoded in the same cert => big
> > certs) and introduces an indirection which often leaves room for
> > attackers
>
> I don't understand what problem you're solving by doing this. As you
> said, it's just going to make the certs bigger and overcomplicates
> things. Using the common name works fine and, for better or for worse,
> is just about the only thing supported by any of the cheap or free
> cert providers these days.
>
> Just because it's in the RFC doesn't necessarily make it a best
> practice, and I think in this case you're just making more issues and
> work for yourself for no benefit.
>
> —Sam
>
>
>
> --
> Sam Whited
> pub 4096R/54083AE104EA7AD3
>



-- 
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
=
Thomas Camaran
N° Cellulare: +39 393 8352896
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
=
Questo messaggio e i suoi allegati sono indirizzati
esclusivamente ai destinatari. Qualsiasi suo utilizzo, comunicazione
o diffusione non autorizzata sono rigorosamente vietate.
Qualora il presente messaggio Le fosse pervenuto per errore, Le saremmo
grati se ne distruggesse ogni copia e comunicasse al mittente l'errata
ricezione.
camaran at gmail.com
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
=
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20160719/eeac5dc9/attachment.html>


More information about the Operators mailing list