Bob Gilson bgilson at jabber.com
Thu Aug 11 20:47:56 UTC 2005

Peter Saint-Andre wrote:

> Personally I'd prefer something distributed over something
> centralized for many reasons (though a hybrid distributed web of trust
> plus centralized CA might also work -- that's what CAcert is).

Notice that the level of paranoia required to run an XMPP server is much 
less than the level required to be a CA or web of trust.

If we choose an architecture where running an XMPP server means running 
a datacenter with CA paranoia, then the number of XMPP servers will be 
the intersection of those two groups, smaller. Or the community 
fragments between those that can run with real security and those that 
don't. Given human nature, you know which fragment will be larger.

We can debate the merits of centralized vs distributed vs hybrid. But I 
think a critical piece for all choices is to allow an XMPP server to 
push the CA requirement onto another organization. And I think this 
forces some degree of centralization into the final architecture.

ca-ching, $0.02,
Bob Gilson

