Am 19.08.2008 um 04:37 schrieb Peter Saint-Andre:
I think that obtaining a client certificate from the XMPP ICA would be simpler than obtaining a server certificate. The process for obtaining a server certificate is explained at https://www.xmpp.net/ (I'm offline right now and I don't remember the exact URL) -- it involves requesting a website account at xmpp.net, website admin approval based on access to one of the official email addresses or one of the email addresses in the whois record, then logging into the xmpp.net website to visit a "jump page" from which you can finally access the CA site, etc. By contrast, I think that to obtain a client certificate your client would act on your behalf to interact in-band with an XMPP service at xmpp.net or maybe xmpp.startcom.org, with little or no involvement by the user except to click a big "please generate a security certificate for me" button and probably visit a special URL provided in a message (which message would probably be an x:data form that is specially handled by the client, not a standard message with a human-readable body).
Sorry, but not average user will do that, ever. Even most geeks won't do that due to lazyness.
-- Jonathan
PGP.sig
Description: This is a digitally signed message part
