[Security] Hosted solutions - client/user certs

Johansson Olle E oej at edvina.net
Fri Aug 22 06:43:13 CDT 2008


To get back to one part of the earlier discussion, where we  
brainstormed a bit about user and client certificates.

There are several phone clients for IM, the most recent one I
discovered being MobileChat for iPhone, that build on a model where I
have to trust them with my credentials for my Jabber service. I don't.
And if I do trust them, then change my mind, I have to ask my XMPP
server manager to change my password or do it myself, then just hope
that it's going to work out for the best. Then I have to change the
password stored in all my clients and devices. There's nothing on the
web site that helps me to evaluate the trust I should put in them and
their service.

Now, if I could issue a client cert for them, signed with my user  
cert, I could revoke that in the server and still keep all my other  
credentials valid.

Signed
"The campaign for XMPP User/Client certificates"
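
The delegation idea in the message above, sketched with the openssl CLI as an added example (not part of the original post and not an XMPP specification): each client gets its own certificate signed by the user's certificate, and revoking one leaves the others valid. Assumptions: the user certificate carries CA:TRUE so it can act as issuer, all names (alice@example.org, phone, hosted-service) and lifetimes are constructed, and `openssl verify -crl_check` stands in for the check a server would perform.

```shell
# Added example: constructed names and lifetimes; assumes the user cert may act as issuer (CA:TRUE).
delegation_demo() (
  set -e
  cd "$(mktemp -d)"
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[user_cert]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[client_cert]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = clientAuth
[ca]
default_ca = user_ca
[user_ca]
database = index.txt
serial = serial
crlnumber = crlnumber
new_certs_dir = .
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
unique_subject = no
[any]
commonName = supplied
EOF
  : > index.txt; echo 01 > serial; echo 01 > crlnumber
  # User certificate: self-signed here; in practice the XMPP server's CA would issue it.
  openssl req -x509 -config pki.cnf -extensions user_cert -newkey rsa:2048 -nodes \
    -keyout user.key -out user.crt -subj "/CN=alice@example.org" -days 30 2>/dev/null
  ca="openssl ca -batch -config pki.cnf -cert user.crt -keyfile user.key"
  for c in phone hosted-service; do   # one certificate per client
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
      -keyout "$c.key" -out "$c.csr" -subj "/CN=$c for alice@example.org" 2>/dev/null
    $ca -extensions client_cert -in "$c.csr" -out "$c.crt" 2>/dev/null
  done
  # Withdraw trust from the hosted service only, then publish the CRL.
  $ca -revoke hosted-service.crt 2>/dev/null
  $ca -gencrl -out user.crl 2>/dev/null
  for c in phone hosted-service; do   # the check a server would run at login
    if openssl verify -crl_check -CAfile user.crt -CRLfile user.crl "$c.crt" >/dev/null 2>&1
    then echo "$c=valid"; else echo "$c=revoked"; fi
  done
)
delegation_demo
```

The user's own key and the phone's certificate are untouched by the revocation, so no password or other credential has to be rotated.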

