[Standards-JIG] Re: mutual auth with SASL

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Fri Jun 2 19:13:30 UTC 2006


On Friday 02 June 2006 11:21, Peter Saint-Andre wrote:
> Mutual authentication between client and server would also be cool.

I know you mean client X.509, but before anyone freaks out I just wanted to 
say that we certainly have mutual authentication today.

Clients are able to authenticate to the server, we learn this in Jabber 
kindergarten. :)  And the server can authenticate itself to the client, via 
X.509.  These have been in common use for years.

> first we need to better define client-side handling of end-user certs
> (and other credentials).

I figured the RFC covered this well enough, but it can't hurt to be more 
explicit.  What do you think is missing?

-Justin



More information about the Standards mailing list