[Standards] [Fwd: I-D Action:draft-melnikov-digest-to-historic-00.txt]
Jonathan Chayce Dickinson
chayce.za at gmail.com
Wed Sep 12 18:37:34 UTC 2007
You are 100% correct! I have been far too lazy to install my certificate again
after I reinstalled Windows. So I just did it.
Anyway, truth be told, if the client can't use Jabber unless they get a
certificate, chances are they will, which would not only benefit Jabber, but
the internet as a whole. You could even use xmpp.org as the CA, which 'we'
would have more control over: so 'we' could crack down on SPIMmers quite
You could even have a transition period in which the users are warned via a
MOTD that they should acquire a certificate from xmpp.org before the other
SASL mechanisms are removed from the server.
Just by the way, are there any servers/clients that do support SASL
From: standards-bounces at xmpp.org [mailto:standards-bounces at xmpp.org] On
Behalf Of Peter Saint-Andre
Sent: 12 September 2007 05:19 PM
To: XMPP Extension Discussion List
Subject: Re: [Standards] [Fwd: I-D
Jonathan Chayce Dickinson wrote:
> Or, alternatively, what I said before, is that the SSL/TLS be two way,
> is both the client and the server present certificates (SASL EXTERNAL).
TLS + SASL EXTERNAL is also mandatory-to-implement. But how many people
have or use X.509 certificates? I seem to be just about the only person
who signs their email with such a certificate on this list, or even on
the security-related IETF lists. If even members of the IETF security
mafia don't eat their own dogfood, I don't see how we can expect the
average Jabber user to do so.