[Standards] [Fwd: I-D Action:draft-melnikov-digest-to-historic-00.txt]

Jonathan Chayce Dickinson chayce.za at gmail.com
Wed Sep 12 18:37:34 UTC 2007

You are 100% correct! I have far too lazy to install my certificate again
after I reinstalled Windows. So I just did it.

Anyway, truth be told, if the client can't use Jabber unless they get a
certificate, chances are they will, which would not only benefit Jabber, but
the internet as a whole. You could even use xmpp.org as the CA, which 'we'
would have more control over: so 'we' could crack down on SPIMmers quite

You could even have a transition period in which the users are warned via a
MOTD that they should acquire a certificate from xmpp.org before the other
SASL mechanisms are removed from the server.

Just by the way, are there any servers/clients that do support SASL

-----Original Message-----
From: standards-bounces at xmpp.org [mailto:standards-bounces at xmpp.org] On
Behalf Of Peter Saint-Andre
Sent: 12 September 2007 05:19 PM
To: XMPP Extension Discussion List
Subject: Re: [Standards] [Fwd: I-D

Jonathan Chayce Dickinson wrote:
> Or, alternatively, what I said before, is that the SSL/TLS be two way,
> is both the client and the server present certificates (SASL EXTERNAL).

TLS + SASL EXTERNAL is also mandatory-to-implement. But how many people
have or use X.509 certificates? I seem to be just about the only person
who signs their email with such a certificate on this list, or even on
the security-related IETF lists. If even members of the IETF security
mafia don't eat their own dogfood, I don't see how we can expect the
average Jabber user to do so.


Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6331 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070912/21c12c72/attachment.bin>

More information about the Standards mailing list