[Standards-JIG] The Great Encryption Debate
bgilson at jabber.com
Thu Aug 11 20:47:56 UTC 2005
Peter Saint-Andre wrote:
> Personally I'd prefer something distributed over something
> centralized for many reasons (though a hybrid distributed web of trust
> plus centralized CA might also work -- that's what CAcert is).
Notice that the level of paranoia required to run an XMPP server is much
less than the level required to be a CA or web of trust.
If we choose an architecture where running an XMPP server means running
a datacenter with CA paranoia, then the number of XMPP servers will be
the intersection of those two groups, smaller. Or the community
fragments between those that can run with real security and those that
don't. Given human nature, you know which fragment will be larger.
We can debate the merits of centralized vs distributed vs hyrid. But I
think a critical piece for all choices is to allow an XMPP server to
push the CA requirement onto another organization. And I think this
forces some degree of centralization into the final architecture.
More information about the Standards