[jdev] Hosting issues

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Thu Sep 15 19:44:22 CDT 2005

On Thursday 15 September 2005 04:56 pm, Steven Peterson wrote:
> > The forced host name is not  relevant to TLS, just like the IP address
> > that it resolves to.  All that matters is the desired Jabber domain. 
> > Users have a bad enough time trying to determine whether or not something
> > is secure, and adding further rules/exceptions would only make it worse.
> The rules can be hidden from the user.  If a user forces a server,
> then the client application can accept either the cert for the forced
> server or for the user's domain.

This implies that the forced server is allowed to act as the Jabber domain, 
which it isn't.  At the very least this extra trust would have to be 

IMO, this is not worth bothering with, since we already have a better 
solution: XMPP OtherName.  We need changes to clients to support either 
method, so we may as well do it the right way.


More information about the JDev mailing list