[Standards] compliance: cert(s)
Peter Saint-Andre
stpeter at jabber.org
Thu Jun 14 17:48:19 CDT 2007
Matthias Wimmer wrote:
> Peter Saint-Andre wrote:
>> Would it be appropriate to recommend that client and server developers
>> bundle support for the root certificate under which the XMPP ICA
>> issues domain certificates?
>
> I thought compliance is about supported protocols and not about deployment.
That's correct. This would be in the implementation notes.
My proposed text for the implementation notes in XEP-0211 (Client) is:
******
3. Implementation Notes
Some of the protocol specifications referenced herein have their own
dependencies; developers must refer to the relevant specifications for
further information.
Developers are advised to refer to Best Practices for Use of SASL
EXTERNAL [10] regarding proper implementation of the SASL EXTERNAL
mechanism in XMPP. Given the wide deployment of domain certificates
issued by the XMPP Intermediate Certification Authority, developers
should also consider bundling the root certificate of the StartCom Free
SSL Certification Authority [11] with their software. [12]
...
10. XEP-0178: Best Practices for Use of SASL EXTERNAL
<http://www.xmpp.org/extensions/xep-0178.html>.
11. The StartCom Free SSL Certification Authority is a certification
authority that offers free or low-cost X.509 certificates to Internet
user and server administrators. It is also the root CA for the XMPP
Intermediate Certification Authority run by the XMPP Standards
Foundation. For further information, see <http://cert.startcom.org/>.
12. The root certificate is located at
"http://cert.startcom.org/ca.crt". It is not necessary for clients to
bundle the ICA certificate since the full certificate chain should be
presented by deployed servers.
******
And for XEP-0212 (Server):
******
3. Implementation Notes
Some of the protocol specifications referenced herein have their own
dependencies; developers must refer to the relevant specifications for
further information.
Developers are advised to refer to Best Practices for Use of SASL
EXTERNAL [10] regarding proper implementation of the SASL EXTERNAL
mechanism in XMPP. Given the wide deployment of domain certificates
issued by the XMPP Intermediate Certification Authority, developers
should also consider bundling the root certificate of the StartCom Free
SSL Certification Authority [11] with their software. [12]
...
10. XEP-0178: Best Practices for Use of SASL EXTERNAL
<http://www.xmpp.org/extensions/xep-0178.html>.
11. The StartCom Free SSL Certification Authority is a certification
authority that offers free or low-cost X.509 certificates to Internet
user and server administrators. It is also the root CA for the XMPP
Intermediate Certification Authority run by the XMPP Standards
Foundation. For further information, see <http://cert.startcom.org/>.
12. The root certificate is located at
"http://cert.startcom.org/ca.crt". It is recommended for servers to also
bundle the ICA certificate since the full certificate chain should be
presented by deployed servers; the ICA certificate is located at
"http://cert.startcom.org/sub.class1.xmpp.ca.crt".
******
/psa
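
Added example, not part of the original message: the reasoning in note 12 (a verifier that bundles only the root can validate a domain certificate when the peer presents the intermediate with it, and cannot when the intermediate is withheld), shown with the openssl command line. The three-level PKI, the CA names and xmpp.example.org are constructed for the illustration and are not the StartCom or XMPP ICA certificates.

```shell
#!/bin/sh
# Added illustration; every name and certificate below is constructed.

# build_chain DIR: create root CA -> intermediate CA -> domain certificate in DIR.
build_chain() {
  d=$1
  # CA extensions so that the root and the intermediate are valid issuers.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  for n in root ica leaf; do
    case $n in
      root) cn='Constructed Root CA' ;;
      ica)  cn='Constructed Intermediate CA' ;;
      leaf) cn='xmpp.example.org' ;;
    esac
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$cn" \
      -keyout "$d/$n.key" -out "$d/$n.csr" >/dev/null 2>&1 || return 1
  done
  # Self-signed root: the only certificate the verifying side bundles.
  openssl x509 -req -sha256 -days 2 -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -out "$d/root.crt" >/dev/null 2>&1 || return 1
  # Intermediate signed by the root: sent by the server along with its own cert.
  openssl x509 -req -sha256 -days 2 -in "$d/ica.csr" -CA "$d/root.crt" \
    -CAkey "$d/root.key" -CAcreateserial -extfile "$d/ca.ext" \
    -out "$d/ica.crt" >/dev/null 2>&1 || return 1
  # Domain certificate signed by the intermediate.
  openssl x509 -req -sha256 -days 2 -in "$d/leaf.csr" -CA "$d/ica.crt" \
    -CAkey "$d/ica.key" -CAcreateserial -out "$d/leaf.crt" >/dev/null 2>&1 || return 1
}

# verify_leaf DIR MODE: trust only the bundled root and report success or failure.
#   MODE=chain      the peer presented the domain cert plus the intermediate
#   MODE=leaf-only  the peer presented the domain cert alone
verify_leaf() {
  d=$1
  if [ "$2" = chain ]; then
    out=$(openssl verify -CAfile "$d/root.crt" -untrusted "$d/ica.crt" "$d/leaf.crt" 2>&1)
  else
    out=$(openssl verify -CAfile "$d/root.crt" "$d/leaf.crt" 2>&1)
  fi
  printf '%s\n' "$out" | grep -q ': OK$'
}

demo() {
  tmp=$(mktemp -d) || return 1
  build_chain "$tmp" || { rm -rf "$tmp"; return 1; }
  for mode in chain leaf-only; do
    if verify_leaf "$tmp" "$mode"; then echo "$mode: verified"; else echo "$mode: rejected"; fi
  done
  rm -rf "$tmp"
}
demo
```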