[Standards-JIG] RE: Standards-JIG] MUC Invitations, Jingle Relays, and Big Problems
Philipp Hancke
fippo at goodadvice.pages.de
Wed Nov 8 11:59:10 CST 2006

Peter Saint-Andre wrote:
[...]
> http://www.jabber.org/jsf/ica-proposal.html

What about starting with more essential things like ensuring that
everyone who wants to be part of the network has to present a
certificate that contains the correct CN/id-on-xmppAddr for their host?

Currently, if you want to federate with some hosts you have to violate
rule #8 in section 5.1 (*) or ignore the expected identity mismatch
stuff in section 14.

If my server connects to 'montague' and the remote side shows a
certificate for 'capulet', this is a problem. If my server
continues connecting, this is defeating any security that TLS
may yield. Yet this is something that seems to be done quite
often...

(*) if your server implementation checks this at all
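
The montague/capulet check described in the message above, as an added example that is not part of the original post or of any server's code. It assumes the certificate chain has already been validated and its identities extracted into a dict; the dict layout, the function names, and the rule that id-on-xmppAddr entries take precedence over the CN are assumptions made for illustration.

```python
# Added example: refuse a server-to-server connection when the peer
# certificate does not name the domain we dialled.
# Assumption: identities come from an already chain-validated certificate;
# X.509 parsing is out of scope here.

class IdentityMismatch(Exception):
    """Raised when the peer certificate does not cover the expected domain."""

def _norm(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.strip().rstrip(".").lower()

def presented_identities(cert_ids):
    """Return the names that count for matching.

    Assumed precedence: id-on-xmppAddr entries if any are present,
    otherwise fall back to the subject CN.
    """
    xmpp_addrs = [_norm(n) for n in cert_ids.get("xmppAddr", []) if n.strip()]
    if xmpp_addrs:
        return xmpp_addrs
    cn = cert_ids.get("commonName") or ""
    return [_norm(cn)] if cn.strip() else []

def verify_peer(expected_domain, cert_ids):
    """Return the matched name or raise IdentityMismatch (fail closed)."""
    expected = _norm(expected_domain)
    names = presented_identities(cert_ids)
    if expected in names:
        return expected
    raise IdentityMismatch(
        "dialled %r, certificate names %r" % (expected, names or "nothing"))

def s2s_decision(expected_domain, cert_ids):
    """What the connecting server does next: 'proceed' or 'abort'."""
    try:
        verify_peer(expected_domain, cert_ids)
        return "proceed"
    except IdentityMismatch:
        return "abort"

# Constructed sample certificates (identities only).
CAPULET_CERT = {"commonName": "capulet", "xmppAddr": ["capulet"]}
MONTAGUE_CERT = {"commonName": "Montague."}
CN_ONLY_DECOY = {"commonName": "montague", "xmppAddr": ["capulet"]}
EMPTY_CERT = {}
```

The name being compared is the one the connecting server set out to reach, so a certificate that is valid for some other host, or that carries no usable identity at all, ends the connection attempt.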