A self-signed certificate is free, you don't need a CA-issued certificate just t... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		MattJ100 on May 19, 2014 \| parent \| context \| favorite \| on: Mandatory encryption on XMPP starts today A self-signed certificate is free, you don't need a CA-issued certificate just to use encryption. Most XMPP servers on the internet today are forgiving of certificates they don't trust - they will encrypt the connection and then use "dialback" to authenticate you based on DNS. Obviously falling back to DNS is not as secure, and as mentioned in the blog post - there are people working on ways to allow people to use any certificate (including self-signed) securely.

pdkl95 on May 19, 2014 [–]

> Most XMPP servers on the internet today are forgiving of certificates they don't trust...

I was not aware of that - I'll certainly investigate that possibility.

> Obviously falling back to DNS is not as secure

Of course, but it's still better than "plaintext".

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact