On Thu Aug 21 21:25:51 2008, Jonathan Dickinson wrote:
We can have xmpp.net as the IC.
Assuming, by IC, you mean CA, I don't think the vast majority of users will want to trouble themselves with a CA signed certificate.
I think the majority of users will be fine with a self-signed cert and either leap-of-faith or some form of authentication code, whether that's SAS, fingerprint exchange, or whatever.
Moreover, I think that level of security is just fine, too - I think the kinds of deployments where X.509 PKI is important will have their own infrastructure in place, and will want all the exciting things like signed pubsub and MUC, and similar kinds of fun and games, where a lot of this kind of security won't apply at all.
In those kinds of deployment, end-to-end encryption is often not important, or even allowed - just the strong authentication is what's needed.
Dave. -- Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED] - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/ - http://dave.cridland.net/ Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
