[Standards-JIG] Depricating DialBack w/ new CA
twaffle at gmail.com
Tue Jan 9 19:42:29 UTC 2007
On 1/9/07, Peter Saint-Andre <stpeter at jabber.org> wrote:
> JD Conley wrote:
> > My vote is to keep it around indefinitely. It fosters federation without
> > the headaches of key/cert management. Even with the JSF being a cert
> > authority you still have to request the certs, which is a manual and
> > tedious process requiring some sort of out of band validation – email,
> > etc. TLS (untrusted) + DNS (for trust) + Dialback is good enough
> > security for 99% of the people out there.
> I'd agree. The CA is an experiment, not a panacea. And it's certainly
> not quite ready for prime time.
> One could argue that dialback could be moved to a XEP, but I'd prefer to
> make it an appendix in rfc3920bis.
Also, correct me if I'm wrong, but the prices in the future may be
adjusted depending on many factors. :-D
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Standards