[Operators] Obtaining XMPP-enabled certificate for server
flo at geekplace.eu
Tue Jul 19 14:15:40 UTC 2016
On 19.07.2016 16:06, Sam Whited wrote:
> On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson <simon at josefsson.org> wrote:
>> I wonder if people really care about this usage any more -- it does not
>> scale well (all domains have to be encoded in the same cert => big
>> certs) and introduces an indirection which often leaves room for
> I don't understand what problem you're solving by doing this.
Isn't one problem that a cert with CN "example.org" will be valid for
all services found on example.org (simply speaking), whereas when using
SRV-ID restricts the cert to a particular service?
Of course, everything will become better once DANE is in wide use. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 603 bytes
Desc: OpenPGP digital signature
More information about the Operators