[Standards] compliance: cert(s)

Peter Saint-Andre stpeter at jabber.org
Fri Jun 15 15:55:21 CDT 2007


Matthias Wimmer wrote:
> Hi Peter!
> 
> Peter Saint-Andre schrieb:
>>> You also won't
>>> find any recommended CA in RFC 2818 (HTTP over TLS).
>> Certificates for websites don't include specialized OIDs, either.
> 
> Well dNSName is some sort of specialized OID for websites (and other
> services using the same addressing sceme 'domains'). The id-on-xmppAddr
> is also not a special OID for XMPP, but an OID for any service sharing
> the same address space (e.g. my SMS service shares the address space
> with my Jabber server and e.g. if I would authenticate the SMS clients
> using X.509 certificates, I would have to use id-on-xmppAddr as well.
> 
>> How do you suggest we make server developers aware that it's a good idea
>> to bundle the XMPP ICA cert and StartCom root cert (and for client
>> developers the root cert)?
> 
> Do we really have to make them aware of? The fact that the XSF runs the
> ICA and that many servers in Jabber space already use certificates from
> there should make server developers  aware enough about the existence of
> the StartCom CA and that it is good to bundle this CA.
> 
> So well my "problem" might be, that I do not see any need to make
> developers more aware of the existence as they already are.

Sure, I see your point.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/standards/attachments/20070615/4b23c7d3/smime-0001.bin


More information about the Standards mailing list