> Well, but we want people to use TLS. If it's too difficult, then we'll > have a less secure network. And that seems like a Bad Thing even if it's > not our fault.
DNS is a much bigger hurdle to XMPP virtual hosting and adoption than certificates. People are already used to installing/purchasing certificates for HTTP, SMTP, IMAP, etc and self signed or cacert certs may suffice. However, most don't have a clue what a SRV record is. When you also host someone's DNS, automating this is simple, but when you don't, it gets very complicated. Most ASP's don't even support SRV. I'd say tied with DNS is education -- hopefully GTalk will help with this. People (even most geeks I talk to) have the idea that IM is either this magical service like AIM or a closed system they can run where they can't talk to anyone but those in their company. The whole cross-domain secure IM concept still hasn't quite sunk in. At least, that's my experience after talking with many, many people outside of our microscopic (perhaps nano-sized, even) XMPP geek circle. Much education, aka marketing, is needed. -JD Conley
