On 28/11/2013 13:44, Solomon Peachy wrote: > The second is that every XMPP service operator is required to pay for a > third-party for a TLS certificate. This isn't a large cost in absolute > terms, but does raise the bar for entry, and represents an ongoing cost. > (Anectdotally, most smaller operators, myself included, were using > self-signed certs to enable secure C2S credential exhange.)
So what about the Free-of-charge server SSL providers like StartSSL? I'm using them for a few services (including XMPP) and it doesn't cost me anything - while still having a valid and verified chain. Meaning: this (ongoing) cost shouldn't have to be a problem as long as there is still at least one provider willing to offer free SSL certificates to small/noncommercial entities, making the argument a purely political one.
