http://web.amessage.info/news/article/2981 asserts that one cannot use self-signed certs with TLS for securing XMPP streams. I don't think that's true, since we took that into account when writing RFC3920. Also, I am working with the folks from CAcert.org on building JabberIDs (for any kind of Jabber entity) into CAcert-issued certificates. Peter