[Security] S2S Leap of faith w/ SASL EXTERNAL

Peter Saint-Andre stpeter at stpeter.im
Fri Nov 19 09:25:31 CST 2010


On 11/19/10 8:22 AM, Stephen Paul Weber wrote:
> On Wed, Nov 17, 2010 at 19:51, Kim Alvefur <zash at zash.se> wrote:
>> Imagine a server with a self signed certificate.
> 
> Why is a production server using a self-signed certificate?  StartSSL
> will give personal sites and some others a cert for free.  Others can
> either get one pretty cheap, or we could convince the XMPP community
> to support CACert.

Given that I used to run the XMPP CA, I heartily agree that it's easy
enough for people to obtain certificates.

Either the admins are too lazy to do so or, in the case of large hosting
services, there are operational difficulties.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6105 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/security/attachments/20101119/210030d1/attachment.bin>


More information about the Security mailing list