Peter Saint-Andre talks about making Jabber more Secure:

  1. Get all the Jabberd’s using SASL and TLS (as per RFC)

    2. I think plumpy’s jabberd already does this.
  2. Get XMPP addresses into standard certificates.
  3. Set up a Cert authority

    4. 2 and 3 are… well.. I don’t know. I think cert authorities are dumb. Can’t we do a web of trust instead of a tree?
  4. Start with s2s, then do s2c.
Aren’t we pretty much all the way there on s2c? I think s2s is the last remaining challenge.