[Standards-JIG] RE: Standards-JIG] MUC Invitations, Jingle Relays, and Big Problems
stpeter at jabber.org
Wed Nov 8 18:28:02 UTC 2006
Philipp Hancke wrote:
> Peter Saint-Andre wrote:
> What about starting with more essential things like ensuring that
> everyone who wants to be part of the network has to present a
> certificate that contains the correct CN/id-on-xmppAddr for their host?
Sure, the correct OID will be in the certificates issued by the ICA.
Right now it's hard to obtain such certificates (you can generate a
self-signed certificate with the correct OID but that sort of defeats
the purpose, too, no?).
> Currently, if you want to federate with some hosts you have to violate
> rule #8 in section 5.1 (*) or ignore the expected identity mismatch
> stuff in section 14.
Bug reports rock.
> If my server connects to 'montague' and the remote side shows a
> certificate for 'capulet', this is a problem. If my server
> continues connecting, this is defeating any security that TLS
> may yield. Yet this is something that seems to be done quite
Agreed. So let's fix that. Deploying correct certificates will help.
Jabber Software Foundation
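The identity check discussed above, as an added example that is not part of the original message or of any server's code: it pulls the id-on-xmppAddr value (OID 1.3.6.1.5.5.7.8.5) out of a DER-encoded otherName and refuses a 'capulet' certificate when 'montague' was dialed. The function names and the sample bytes are constructed for illustration; it assumes plain ASCII domain names and does no chain validation, so a self-signed certificate carrying the right OID would still pass this step.

```python
XMPP_ADDR_OID = bytes.fromhex("2b06010505070805")  # DER body of 1.3.6.1.5.5.7.8.5

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):    # indefinite length is not valid DER
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def xmpp_addr_from_othername(der):
    """Return the xmppAddr string, or None if this GeneralName is another kind."""
    tag, body, _ = read_tlv(der)
    if tag != 0xA0:                         # [0] otherName
        return None
    tag, oid, pos = read_tlv(body)
    if tag != 0x06 or oid != XMPP_ADDR_OID:
        return None
    tag, wrapped, _ = read_tlv(body, pos)   # [0] EXPLICIT value
    if tag != 0xA0:
        raise ValueError("otherName value is not [0] EXPLICIT")
    tag, text, _ = read_tlv(wrapped)
    if tag != 0x0C:                         # UTF8String
        raise ValueError("xmppAddr is not a UTF8String")
    return text.decode("utf-8")

def peer_identity_ok(expected_domain, general_names):
    """True only if some id-on-xmppAddr equals the domain we meant to reach."""
    want = expected_domain.lower().rstrip(".")
    for der in general_names:
        try:
            addr = xmpp_addr_from_othername(der)
        except (ValueError, IndexError, UnicodeDecodeError):
            continue                        # malformed entry never counts as a match
        if addr is not None and addr.lower().rstrip(".") == want:
            return True
    return False                            # mismatch: abort the connection

def make_othername(domain):
    """Build a constructed sample otherName (short names only) for testing."""
    utf8 = bytes([0x0C, len(domain)]) + domain.encode("ascii")
    inner = bytes([0x06, 8]) + XMPP_ADDR_OID + bytes([0xA0, len(utf8)]) + utf8
    return bytes([0xA0, len(inner)]) + inner
```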