[Standards] Re: XEP-178
Peter Saint-Andre
stpeter at jabber.org
Thu Feb 1 15:06:38 CST 2007
Matthias Wimmer wrote:
> Hi Peter!
>
> Peter Saint-Andre schrieb:
>> We would not forbid it for servers, but we would not require it
>> either. Or at least we would say that you should check the dnsName
>> first. This would modify the text in rfc3920bis.
>
> I'll have to check what we currently have in the XEP. The way I
> implemented it is: check if there is a matching id-on-xmppAddr or
> dNSName (doesn't matter in which order this is done). If there was a
> match => accept. If there was no match, but on of these two extensions
> was present => decline. Else => check CN.
What about wildcards? I guess things should be OK as long as there is no
wildcard in the XMPP OID (i.e., id-on-xmppAddr). But what should the
receiving server do if the connection comes from "conference.jabber.org"
but the id-on-xmppAddr has "jabber.org" (even if the dnsName has
"*.jabber.org") and the OID is checked first?
Peter
--
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/standards/attachments/20070201/27729410/smime.bin
More information about the Standards
mailing list