Comment 38 for bug 296867

Not to mention that the proposed idea for implementing encryption over Jabber doesn't give the same level of privacy guarantees as OTR, nor is it actually as nice a standard in a lot of other ways.

The average user will never generate an X.509 certificate for themselves. Anything based on that kind of technology is broken from the start. It's like making an email application that requires the user be in X.500 directory before it delivers mail.