To get back to one part of the earlier discussion, where we
brainstormed a bit about user and client certificates.
There are several phone clients for IM, the most recent one I
discovered being MobileChat for iPhone, that build on a model where I
have to trust them with my credentials for my Jabber service. I don't.
And if I do trust them, then change my mind, I have to ask my XMPP
server manager to change my password or do it myself, then just hope
that it's going to work out for the best. Then I have to change the
password stored in all my clients and devices. There's nothing on the
web site that helps me to evaluate the trust I should put in them and
their service.
Now, if I could issue a client cert for them, signed with my user
cert, I could revoke that in the server and still keep all my other
credentials valid.
Signed
"The campaign for XMPP User/Client certificates"