[jdev] virtual hosting and certificate checking
Peter Saint-Andre
stpeter at jabber.org
Wed Mar 1 17:49:51 CST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Trejkaz wrote:
> Gary Burd wrote:
>> A couple of snips from the conversation:
>>
>>> For hosting providers it's usually an up-sell to your
>>> customers to add security
>>
>>> because it's each domain owner's responsibility to
>>> manage their own certificate.
>>
>> Extra cost and responsiblity can impede XMPP adoption.
>
> Look, if people don't want TLS, we're not forcing them to use it.
Well, but we want people to use TLS. If it's too difficult, then we'll
have a less secure network. And that seems like a Bad Thing even if it's
not our fault.
> There are other ways to streamline these things, such as making it
> easier for people running an XMPP server to get a certificate.
>
> As far as "cost", http://www.cacert.org/ -- use it, love it, urge
> everyone to add their root certificate.
Yes, CAcert is great and I've been working with them to get support for
id-on-xmppAddr into their certs. But that doesn't necessarily make it
easier for people who are hosting a *lot* of XMPP domains to support TLS.
Peter
- --
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEBjMfNF1RSzyt3NURArkfAJ4nBianzS/6O8hMqAO6hWQxfbg0ugCghJEo
i9QdOduxMWNmN0cJwNogV4Y=
=jWZG
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://www.jabber.org/jdev/attachments/20060301/5e1eee67/attachment-0002.bin>
More information about the JDev
mailing list