[Security] Hosted solutions - client/user certs
Johansson Olle E
oej at edvina.net
Fri Aug 22 06:43:13 CDT 2008
To get back to one part of the earlier discussion, where we
brainstormed a bit about user and client certificates.
There are several phone clients for IM, the most recent one I
discovered being MobileChat for iPhone, that builds on a model where I
have to trust them with my credentials for my jabber service. I don't.
And if I do trust them, then change my mind, I have to ask my XMPP
server manager to change my password or do it myself, then just hope
that it's going to work out for the best. Then I have to change
password stored in all my clients and devices. There's nothing on the
web site that helps me to evaluate the trust I should put in them and
Now, if I could issue a client cert for them, signed with my user
cert, I could revoke that in the server and still keep all my other
"The campaign for XMPP User/Client certificates"
More information about the Security