You are 100% correct! I have been far too lazy to install my certificate again after I reinstalled Windows. So I just did it.
Anyway, truth be told, if the client can't use Jabber unless they get a certificate, chances are they will, which would not only benefit Jabber, but the internet as a whole. You could even use xmpp.org as the CA, which 'we' would have more control over: so 'we' could crack down on SPIMmers quite easily. You could even have a transition period in which the users are warned via a MOTD that they should acquire a certificate from xmpp.org before the other SASL mechanisms are removed from the server.

Just by the way, are there any servers/clients that do support SASL EXTERNAL?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Saint-Andre
Sent: 12 September 2007 05:19 PM
To: XMPP Extension Discussion List
Subject: Re: [Standards] [Fwd: I-D Action:draft-melnikov-digest-to-historic-00.txt]

Jonathan Chayce Dickinson wrote:
> Or, alternatively, what I said before, is that the SSL/TLS be two way, that
> is both the client and the server present certificates (SASL EXTERNAL).

TLS + SASL EXTERNAL is also mandatory-to-implement.

But how many people have or use X.509 certificates? I seem to be just about the only person who signs their email with such a certificate on this list, or even on the security-related IETF lists. If even members of the IETF security mafia don't eat their own dogfood, I don't see how we can expect the average Jabber user to do so.

Peter

--
Peter Saint-Andre
https://stpeter.im/