[jdev] virtual hosting and certificate checking

[JD Conley]

> Well, but we want people to use TLS. If it's too difficult, then we'll
> have a less secure network. And that seems like a Bad Thing even if
it's
> not our fault.

DNS is a much bigger hurdle to XMPP virtual hosting and adoption than
certificates. People are already used to installing/purchasing
certificates for HTTP, SMTP, IMAP, etc and self signed or cacert certs
may suffice. However, most don't have a clue what a SRV record is. When
you also host someone's DNS, automating this is simple, but when you
don't, it gets very complicated. Most ASP's don't even support SRV.

I'd say tied with DNS is education -- hopefully GTalk will help with
this. People (even most geeks I talk to) have the idea that IM is either
this magical service like AIM or a closed system they can run where they
can't talk to anyone but those in their company. The whole cross-domain
secure IM concept still hasn't quite sunk in. At least, that's my
experience after talking with many, many people outside of our
microscopic (perhaps nano-sized, even) XMPP geek circle. Much education,
aka marketing, is needed.

-JD Conley