Hi Claudiu, > Fair point, although I find it very hard to believe that anyone nowadays > still runs an email server or Jabber server and hasn't completely turned off > plaintext comms. Using plaintext comms for such communication is wrong on so > many levels that I don't even want to get into such a discussion. Agreed on the moral point. However, I'd like to see stats on how many public services allow plaintext comm and which ratio of those even accepts plaintext auth over the unencrypted channel.
I, for myself, have enabled unencrypted communications on my XMPP service, even for s2s. Why? Because the documentation of the server software I use recommends it to increase interoperability. Because other servers might reject my fine CACert certifiacte (although I'll look into StartSSL). regards, Jonas W.
