[jdev] JID and X.509

Heiner Wolf wolf at bluehands.de
Wed Mar 8 07:39:45 CST 2006

Peter Saint-Andre wrote:
> Heiner Wolf wrote:
>> I am writing a Jabber CA. 
> Good luck. It's no fun to be a certification authority.


> If a JID for any kind of XMPP entity (e.g., client or server) is
> represented in a certificate, it MUST be represented as a UTF8String
> within an otherName entity inside the subjectAltName, using the [ASN.1]
> Object Identifier "id-on-xmppAddr" specified in Section 5.1.1 of this
> document.
> [...]
> RFC 3920 is clear on this. I would say that userID is not a candidate
> (although RFC 3920 does not prohibit that, since it says only that the
> JID MUST be stored as an otherName in the subjectAltName, IMHO it is not
> a good idea to store the same information in two places).

So it is "id-on-xmppAddr".

I don't know much about ASN.1 and X.509. Maybe you can give me a hint: 
The API I am using allows putting key-value pairs like "countryName"-"UK" 
and "commonName"-"Wez Furlong" into the certificate. Would 
"id-on-xmppAddr"-"node@domain.tld" fit into the scheme?

I understand that the certificate holds keys as OIDs. Any idea how this 
fits with the mentioned key-value pairs? I doubt that X.509 APIs know the 
OID for id-on-xmppAddr. So I doubt that putting 
"id-on-xmppAddr"-"node@domain.tld" into my API does any good. Ideas?

> It will be stored as a JID of the form "node@domain.tld". It will not be
> stored as an XMPP URI (i.e., with a "xmpp:" prefix). It will not be
> stored with a "jabber:" prefix since no document defines that prefix.

Yes, just an accident, don't know how jabber: came into play here. :-)

Dr. Heiner Wolf
bluehands GmbH & Co.mmunication KG
+49 (0721) 16108 75
Jabber enabled Virtual Presence on the Web: www.lluna.de
Open Source Future History: www.galactic-developments.de
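
The structure the quoted RFC 3920 text requires, as an added example that is not part of the original message: a JID DER-encoded as an otherName inside subjectAltName and read back out, using only the Python standard library. The numeric OID is id-on-xmppAddr from RFC 3920 Section 5.1.1; the function names are hypothetical and the JID is a constructed sample.

```python
ID_ON_XMPPADDR = "1.3.6.1.5.5.7.8.5"  # id-pkix (1.3.6.1.5.5.7), id-on (8), xmppAddr (5)

def tlv(tag, content):
    """DER tag-length-value with definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])   # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:                        # base-128, high bit = "more follows"
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def xmpp_san(jid):
    """GeneralNames holding one otherName: [0] { OID, [0] EXPLICIT UTF8String }."""
    value = tlv(0xA0, tlv(0x0C, jid.encode("utf-8")))
    return tlv(0x30, tlv(0xA0, encode_oid(ID_ON_XMPPADDR) + value))

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos); raises if the content is truncated."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                 # long form: low bits count length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def extract_jids(san):
    """Return every xmppAddr JID in a subjectAltName value, skipping other names."""
    tag, names, _ = read_tlv(san)
    if tag != 0x30:
        raise ValueError("subjectAltName is not a SEQUENCE")
    want, jids, pos = encode_oid(ID_ON_XMPPADDR), [], 0
    while pos < len(names):
        tag, body, pos = read_tlv(names, pos)
        if tag == 0xA0 and body.startswith(want):      # otherName with our type-id
            _, wrapped, _ = read_tlv(body, len(want))  # [0] EXPLICIT wrapper
            vtag, text, _ = read_tlv(wrapped)
            if vtag == 0x0C:                           # UTF8String, per RFC 3920
                jids.append(text.decode("utf-8"))
    return jids
```

The name "id-on-xmppAddr" never appears in the certificate, only the OID bytes, so an API that does not know the name needs the dotted OID instead. OpenSSL's extension configuration, for instance, accepts `subjectAltName = otherName:1.3.6.1.5.5.7.8.5;UTF8:node@domain.tld`.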
