[Standards-JIG] RE: Standards-JIG] MUC Invitations, Jingle Relays, and Big Problems

Philipp Hancke fippo at goodadvice.pages.de
Wed Nov 8 17:59:10 UTC 2006


Peter Saint-Andre wrote:
[...]
> http://www.jabber.org/jsf/ica-proposal.html

What about starting with more essential things like ensuring that
everyone who wants to be part of the network has to present a
certificate that contains the correct CN/id-on-xmppAddr for their host?

Currently, if you want to federate with some hosts you have to violate
rule #8 in section 5.1 (*) or ignore the expected identity mismatch
stuff in section 14.

If my server connects to 'montague' and the remote side shows a
certificate for 'capulet', this is a problem. If my server
continues connecting, this is defeating any security that TLS
may yield. Yet this is something that seems to be done quite
often...

(*) if your server implementation checks this at all
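
Added example, not part of the original post and not taken from any server implementation: a minimal Python sketch of the identity check described above, which refuses to continue when the certificate names 'capulet' but the server set out to reach 'montague'. The `PeerNames` container, the function names, and the matching policy (xmppAddr first, then dNSName, CN only when no subjectAltName names are present, single-label wildcard) are assumptions made for illustration; extracting the names from the certificate is left to the TLS library.

```python
from dataclasses import dataclass, field

@dataclass
class PeerNames:
    """Names already pulled out of the peer certificate (constructed container)."""
    xmpp_addrs: list = field(default_factory=list)    # id-on-xmppAddr otherName values
    dns_names: list = field(default_factory=list)     # dNSName subjectAltName values
    common_names: list = field(default_factory=list)  # subject CN values

class IdentityMismatch(Exception):
    """The certificate does not name the domain we set out to reach."""

def _norm(name):
    return name.strip().rstrip(".").lower()

def _dns_match(pattern, domain):
    # Assumed policy: "*." covers exactly one left-most label, nothing more.
    if pattern.startswith("*."):
        head, _, rest = domain.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == domain

def check_peer(expected_domain, names):
    """Return the certificate name that matches expected_domain, else raise.

    expected_domain is the domain the local server intended to reach
    (e.g. 'montague'), not a hostname learned from DNS during connection.
    """
    want = _norm(expected_domain)
    for addr in map(_norm, names.xmpp_addrs):
        if addr == want:
            return addr
    for dns in map(_norm, names.dns_names):
        if _dns_match(dns, want):
            return dns
    # Assumed policy: CN is consulted only when the certificate has no SAN names.
    if not (names.xmpp_addrs or names.dns_names):
        for cn in map(_norm, names.common_names):
            if cn == want:
                return cn
    raise IdentityMismatch(f"wanted {want!r}, certificate names someone else")

def should_continue(expected_domain, names):
    """True only when the stream may proceed; a mismatch means tear it down."""
    try:
        check_peer(expected_domain, names)
        return True
    except IdentityMismatch:
        return False
```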


