
There are parties vested in _not_ supporting CAcert - so that won't happen. But I'm not even talking about those: CAs centralize trust and trust on the internet is a hot topic right now.

Right now there's a certain homogeneity in which CAs are supported by vendors. And for those that aren't, it isn't much of an issue in the web browser because users can manually click through.

Now consider the talk about "Why is CNNIC/TurkTrust/Symantec in my list?" that's raised by various parties recently (concerned about the influence the governments of China, Turkey and the USA respectively can exert), what happens when XMPP servers decide not to trust CNNIC (to pick one)?

Users will only notice in that they can't talk to peers. They won't know which server is responsible (or if maybe the GFW is kicking in) and there's nothing they can do about it.

From the point of view of server operators, with mandatory CA signatures they have to decide if they're rather willing to drop perfectly fine connections or if they're accepting "secure" connections subverted by parties they weren't willing to trust in the first place.



Yes there is a lot of red tape surrounding certificates, but I was specifically suggesting that the authors of XMPP clients and servers could agree on these 2 alternative CAs.



