[jdev] virtual hosting and certificate checking
Trejkaz
trejkaz at trypticon.org
Wed Mar 1 17:22:53 CST 2006
Gary Burd wrote:
> A couple of snips from the conversation:
>
>> For hosting providers it's usually an up-sell to your
>> customers to add security
>
>> because it's each domain owner's responsibility to
>> manage their own certificate.
>
> Extra cost and responsiblity can impede XMPP adoption.
Look, if people don't want TLS, we're not forcing them to use it. And
it's not XMPP's fault that getting a TLS certificate involves such
bureaucracy (I blame Verisign for that, really.)
There are other ways to streamline these things, such as making it
easier for people running an XMPP server to get a certificate.
As far as "cost", http://www.cacert.org/ -- use it, love it, urge
everyone to add their root certificate.
TX
More information about the JDev
mailing list