> 2) TLS and s2s
>
> My users will not have certs for their domains, and even if they did,
> I wouldn't want to be responsible for keeping their private keys
> secret. TLS is not an option for my service.
Why not? You might think about obtaining CAcert certs during provisioning as a part of your service. You can own the private key for jabber.domain.com and that would not conflict with any domain.com certificates they may already have. Then as discussed their DNS host would put an SRV record to point to your jabber server. I think that would work anyway...

> The XMPP specification says that the name in the cert should match
> the domain part of the user's id. This is a problem because I will not
> have the cert for my users' domains as mentioned above.

Hmm, I guess that blows my idea out of the water!

-- 
Psi webmaster (http://psi-im.org)
im:[EMAIL PROTECTED]
http://halr9000.com
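An added illustration of the point the exchange ends on (this is example code, not from the thread or from the Psi project): an XMPP peer checks the certificate against the domainpart of the JID, the reference identity of RFC 6120/6125, so an SRV record that sends domain.com traffic to jabber.domain.com does not change which name the certificate must carry. The certificate name lists below are constructed samples; the check implements only dNSName (DNS-ID) matching with the RFC 6125 wildcard rules and leaves out XmppAddr/SRV-ID identifiers and chain validation.

```python
import re

# Constructed sample: SANs of a certificate the hosting provider could obtain
# for its own hostname (the "jabber.domain.com" idea from the reply above).
PROVIDER_CERT_DNS_NAMES = ["jabber.domain.com"]

# Constructed sample: SANs of a certificate only the domain owner could get.
CUSTOMER_CERT_DNS_NAMES = ["domain.com", "*.domain.com"]

_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def _dns_name_matches(presented: str, reference: str) -> bool:
    """RFC 6125 style DNS-ID comparison.

    Case-insensitive, label by label, same number of labels. A wildcard is
    accepted only as the entire left-most label, matches exactly one label,
    and is refused when fewer than two labels follow it (so '*.com' never
    matches). Partial wildcards such as 'ja*.domain.com' are not accepted.
    """
    p_labels = presented.lower().rstrip(".").split(".")
    r_labels = reference.lower().rstrip(".").split(".")
    if len(p_labels) != len(r_labels) or len(r_labels) < 2:
        return False
    for i, (p, r) in enumerate(zip(p_labels, r_labels)):
        if i == 0 and p == "*":
            if len(r_labels) < 3:
                return False
            continue
        if not _LABEL.match(r) or p != r:
            return False
    return True


def jid_domainpart(jid: str) -> str:
    """Return the domainpart of a JID: after '@' if present, before any '/'."""
    bare = jid.split("/", 1)[0]
    return bare.split("@", 1)[1] if "@" in bare else bare


def cert_matches_jid_domain(jid: str, cert_dns_names: list[str]) -> bool:
    """True if any presented dNSName matches the JID's domainpart.

    The SRV target a connection was routed to plays no part here: the
    reference identity is always the domain in the JID.
    """
    domain = jid_domainpart(jid)
    return any(_dns_name_matches(name, domain) for name in cert_dns_names)


if __name__ == "__main__":
    # Users of domain.com hosted on jabber.domain.com: the provider's own cert
    # does not satisfy the check, the customer's cert does.
    print(cert_matches_jid_domain("alice@domain.com", PROVIDER_CERT_DNS_NAMES))
    print(cert_matches_jid_domain("alice@domain.com", CUSTOMER_CERT_DNS_NAMES))
```

Running it shows the asymmetry the reply gives up on: a certificate for jabber.domain.com is fine for users whose JIDs actually end in @jabber.domain.com, but for user@domain.com the peer needs a certificate naming domain.com itself, which only the domain owner can hold.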
