On Wed, May 18, 2005 at 09:10:26PM +0200, Stephen Marquard wrote:
> 5. The main barrier to TLS+SASL on the public jabber network seems to be
> the long-standing debate about which CAs should and shouldn't be
> trusted. This seems to come up about every 6 months.
>
> So if everyone with an interest in the public jabber network could agree
> on 5, then we could all get on with implementing TLS+SASL support in a
> way which had some practical benefit outside intranet deployments, and
> produce XMPP-compliant servers.

I've been getting more heavily involved with CAcert.org, and the number of assurers for CAcert is starting to take off. This enables people all over the world to acquire domain certificates without paying large sums of money to commercial certificate authorities.

Having a cert from a commercial CA proves that you once possessed a few hundred dollars and now that money is in the bank account of the CA. Having a cert from CAcert proves that you met with some assurers (or other trusted third parties, such as public notaries in the U.S.) and those people compared two of your government-issued identity documents with your real-life person and affirmed that they identify one and the same person.

We can debate which of these approaches is superior, but I rather like the CAcert approach because it is based on something more significant than paying X dollars to some company. Plus it is open to people who could not otherwise afford a domain-level certificate (there are lots of Jabber servers in places like Belarus and Indonesia, where $200 for a cert is a *lot* of money).

Outside of CAcert, XMPP servers could of course also trust the same CAs that are trusted by, say, Mozilla (see the old and perhaps infamous ca-bundle.crt file that was originally created by exporting the trusted root CAs from Communicator 4.72, I think).

Peter

--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
