[Standards-JIG] RE: Standards-JIG] MUC Invitations, Jingle Relays, and Big Problems

Peter Saint-Andre stpeter at jabber.org
Wed Nov 8 18:28:02 UTC 2006


Philipp Hancke wrote:
> Peter Saint-Andre wrote:
> [...]
>> http://www.jabber.org/jsf/ica-proposal.html
> 
> What about starting with more essential things like ensuring that
> everyone who wants to be part of the network has to present a
> certificate that contains the correct CN/id-on-xmppAddr for their host?

Sure, the correct OID will be in the certificates issued by the ICA. 
Right now it's hard to obtain such certificates (you can generate a 
self-signed certificate with the correct OID but that sort of defeats 
the purpose, too, no?).

> Currently, if you want to federate with some hosts you have to violate
> rule #8  in section 5.1 (*) or ignore the expected identity mismatch
> stuff in section 14.

Bug reports rock.

> If my server connects to 'montague' and the remote side shows a
> certificate for 'capulet', this is a problem. If my server
> continues connecting, this is defeating any security that TLS
> may yield. Yet this is something that seems to be done quite
> often...

Agreed. So let's fix that. Deploying correct certificates will help.

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
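
The montague/capulet mismatch discussed in this message, as an added example that is not part of the original post or of any server's code: a server-to-server identity check that aborts instead of continuing. The `(kind, value)` input shape, the function names, the `.example` hostnames, and the matching policy (subjectAltName preferred over CN, single-label wildcard) are assumptions of this example.

```python
# Added example: s2s certificate identity check (not from the original thread).
# Assumes the TLS library already validated the chain and extracted the
# identities from the peer certificate as (kind, value) pairs. ASCII names only.
XMPP_ADDR = "xmppAddr"    # subjectAltName otherName tagged id-on-xmppAddr
DNS_NAME = "dNSName"      # subjectAltName dNSName
COMMON_NAME = "CN"        # subject Common Name


class IdentityMismatch(Exception):
    """Peer certificate does not name the domain we meant to reach."""


def _norm(name):
    return name.rstrip(".").lower()


def _matches(presented, expected):
    presented, expected = _norm(presented), _norm(expected)
    if presented.startswith("*."):
        # Example policy: a wildcard covers exactly one left-most label.
        head, _, rest = expected.partition(".")
        return bool(head) and rest == presented[2:]
    return presented == expected


def check_peer_identity(expected_domain, identities):
    """Return (ok, reason) for the domain we dialled vs. the cert identities."""
    san = [(k, v) for k, v in identities if k in (XMPP_ADDR, DNS_NAME)]
    # Example policy: fall back to the CN only when the cert has no SAN identity.
    candidates = san or [(k, v) for k, v in identities if k == COMMON_NAME]
    for kind, value in candidates:
        if _matches(value, expected_domain):
            return True, f"{kind} {value!r} matches {expected_domain!r}"
    shown = ", ".join(f"{k}={v}" for k, v in candidates) or "no usable identity"
    return False, f"expected {expected_domain!r}, certificate presents {shown}"


def accept_s2s_peer(expected_domain, identities):
    """Abort the connection on mismatch instead of continuing."""
    ok, reason = check_peer_identity(expected_domain, identities)
    if not ok:
        raise IdentityMismatch(reason)
    return reason


if __name__ == "__main__":
    # Constructed sample: we dialled montague.example, peer presents capulet.example.
    print(check_peer_identity("montague.example", [(XMPP_ADDR, "capulet.example")]))
```
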
