> But Remko's right, if we require two passwords (one for Jabber, one for a > private key) then a lot of people will just make them the same, completely > defeating the point. I think we'll have this problem whether or not the > private keys are stored on the server or locally.
Exactly, and I don't think we should care. It's impossible for someone to have a secure communication if that person is not willing to read and follow dialogs. It's our job to educate people the best that we can (cfr. Firefox 3's error dialog on self-signed certificates, Brendan's Gajim UI, ...), and if people still choose to ignore this, that's their problem. We should, however, never compromise security for people who *do* care, so I'm not a fan of most of the 'aunt tilly' points in these security threads (unless they are about *explaining* security in a clear way to aunt tilly). cheers, Remko
