On 12/3/13 9:24 AM, Jesse Thompson wrote:
> On 11/28/13, 7:44 AM, Moonchild wrote:
>> On 28/11/2013 13:44, Solomon Peachy wrote:
>>> The second is that every XMPP service operator is required to
>>> pay a third party for a TLS certificate. This isn't a
>>> large cost in absolute terms, but does raise the bar for entry,
>>> and represents an ongoing cost. (Anecdotally, most smaller
>>> operators, myself included, were using self-signed certs to
>>> enable secure C2S credential exchange.)
>>
>> So what about the Free-of-charge server SSL providers like
>> StartSSL? I'm using them for a few services (including XMPP) and
>> it doesn't cost me anything - while still having a valid and
>> verified chain.
>>
>> Meaning: this (ongoing) cost shouldn't have to be a problem as
>> long as there is still at least one provider willing to offer
>> free SSL certificates to small/noncommercial entities, making the
>> argument a purely political one.
>
> It's not just monetary costs. It's maintenance costs too. We have
> 250 email domains. And, our team is not authoritative to
> obtain/handle private keys for all of those domains. We've not
> enabled XMPP for all of our domains primarily due to the projected
> cost/hassle with managing 250 certificates for customers.
>
> We need POSH

We need POSH for authenticated encryption. If people think that
unauthenticated encryption is good enough for some purposes, then
they don't need POSH or DANE/DNSSEC. Personally I'd prefer
authenticated encryption, so I still think that POSH is useful in the
short to medium term and DANE/DNSSEC is useful in the long term.

Peter

--
Peter Saint-Andre
https://stpeter.im/