[jdev] JID and X.509
wolf at bluehands.de
Wed Mar 8 07:39:45 CST 2006
Peter Saint-Andre wrote:
> Heiner Wolf wrote:
>> I am writing a Jabber CA.
> Good luck. It's no fun to be a certification authority.
> If a JID for any kind of XMPP entity (e.g., client or server) is
> represented in a certificate, it MUST be represented as a UTF8String
> within an otherName entity inside the subjectAltName, using the [ASN.1]
> Object Identifier "id-on-xmppAddr" specified in Section 5.1.1 of this
> RFC 3920 is clear on this. I would say that userID is not a candidate
> (although RFC 3920 does not prohibit that, since it says only that the
> JID MUST be stored as an otherName in the subjectAltName, IMHO it is not
> a good idea to store the same information in two places).
So it is "id-on-xmppAddr".
I don't know much about ASN.1 and X.509. Maybe you can give me a hint:
The API I am using allows to put key value pairs like "countryName"-"UK"
and "commonName"-"Wez Furlong" into the certificate. Would
"id-on-xmppAddr"-"node at domain.tld" fit into the scheme?
I understand that the certificate holds keys as OIDs. Any idea how this
fits to the mentioned key-value pairs? I doubt that X.509 APIs know the
OID for id-on-xmppAddr. So I doubt that putting
"id-on-xmppAddr"-"node at domain.tld" into my API does any good. Ideas?
> It will be stored as a JID of the form "node at domain.tld". It will not be
> stored as an XMPP URI (i.e., with a "xmpp:" prefix). It will not be
> stored with a "jabber:" prefix since no document defines that prefix.
Yes, just an accident, don't know how jabber: came into play here. :-)
Dr. Heiner Wolf
bluehands GmbH & Co.mmunication KG
+49 (0721) 16108 75
Jabber enabled Virtual Presence on the Web: www.lluna.de
Open Source Future History: www.galactic-developments.de
More information about the JDev