[Standards-JIG] RE: Standards-JIG] MUC Invitations, Jingle Relays, and Big Problems
fippo at goodadvice.pages.de
Wed Nov 8 17:59:10 UTC 2006
Peter Saint-Andre wrote:
What about starting with more essential things like ensuring that
everyone who wants to be part of the network has to present a
certificate that contains the correct CN/id-on-xmppAddr for their host?
Currently, if you want to federate with some hosts you have to violate
rule #8 in section 5.1 (*) or ignore the expected identity mismatch
stuff in section 14.
If my server connects to 'montague' and the remote side shows a
certificate for 'capulet', this is a problem. If my server
continues connecting, this is defeating any security that TLS
may yield. Yet this is something that seems to be done quite
(*) if your server implementation checks this at all
More information about the Standards