Jonathan Schleifer wrote:
> On 19.08.2008 at 04:37, Peter Saint-Andre wrote:
>
>> I think that obtaining a client certificate from the XMPP ICA would
>> be simpler than obtaining a server certificate. The process for
>> obtaining a server certificate is explained at https://www.xmpp.net/
>> (I'm offline right now and I don't remember the exact URL) -- it
>> involves requesting a website account at xmpp.net, website admin
>> approval based on access to one of the official email addresses or
>> one of the email addresses in the whois record, then logging into
>> the xmpp.net website to visit a "jump page" from which you can
>> finally access the CA site, etc. By contrast, I think that to obtain
>> a client certificate your client would act on your behalf to
>> interact in-band with an XMPP service at xmpp.net or maybe
>> xmpp.startcom.org, with little or no involvement by the user except
>> to click a big "please generate a security certificate for me"
>> button and probably visit a special URL provided in a message (which
>> message would probably be an x:data form that is specially handled
>> by the client, not a standard message with a human-readable body).
>
> Sorry, but no average user will do that, ever. Even most geeks won't
> do that due to laziness.

If it is a simple "click" then users will use it, but it has no value. I can create an account and name myself "Peter Saint-Andre". After that I click on "create signature" and get a signature for that. That is useless. A signature means: it is that person.

So a certification process has to be more complex and I agree with Jonathan here: no average user will do that. It is much easier to get verified by people you know than from a CA.

So IMHO the CA idea is nice but not usable.

Dirk

--
In a world of freedom, why do some people use windows and gates?
