[Standards-JIG] RE: Standards-JIG] MUC Invitations, Jingle Relays, and Big Problems

Jean-Louis Seguineau jean-louis.seguineau at laposte.net
Wed Nov 8 19:24:50 UTC 2006


I am under the impression the proposal is in great part meant to palliate
the lack of proper XMPP-aware certificates, as explained in the foreword
"because major CAs such as Verisign and Thawte probably do not have an
interest in completing such work..."   

In effect it may well be a good initiative to lower the number of
inappropriate cases you allude to.

-----Original Message-----

Date: Wed, 08 Nov 2006 18:59:10 +0100
From: Philipp Hancke <fippo at goodadvice.pages.de>
Subject: Re: [Standards-JIG] RE: Standards-JIG] MUC Invitations,
	Jingle Relays,	and Big Problems
To: XMPP Extension Discussion List <standards-jig at jabber.org>
Message-ID: <45521AEE.9000306 at goodadvice.pages.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Peter Saint-Andre wrote:
[...]
> http://www.jabber.org/jsf/ica-proposal.html

What about starting with more essential things like ensuring that
everyone who wants to be part of the network has to present a
certificate that contains the correct CN/id-on-xmppAddr for their host?

Currently, if you want to federate with some hosts you have to violate
rule #8 in section 5.1 (*) or ignore the expected identity mismatch
stuff in section 14.

If my server connects to 'montague' and the remote side shows a
certificate for 'capulet', this is a problem. If my server
continues connecting, this is defeating any security that TLS
may yield. Yet this is something that seems to be done quite
often...

(*) if your server implementation checks this at all
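
The identity check discussed in this thread, as an added example that is not part of either message or of any server's code: it compares the domain the server set out to reach with the identities found in the peer certificate and refuses the 'montague'/'capulet' case. Assumptions: the identities are already extracted from the certificate into a dict (the layout and the function names are hypothetical), dNSName entries and a single-label wildcard are accepted in addition to the CN/id-on-xmppAddr named above, and CN is consulted only when the certificate carries no subjectAltName identities.

```python
def _norm(name):
    # Compare domains case-insensitively and without a trailing root dot.
    return name.strip().rstrip(".").lower()

def _dns_match(pattern, domain):
    pattern, domain = _norm(pattern), _norm(domain)
    if pattern.startswith("*."):
        # Assumed policy: a wildcard covers exactly one left-most label.
        head, _, rest = domain.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == domain

def peer_identity_ok(expected_domain, cert_ids):
    """Return (ok, matched_field).

    expected_domain is the domain this server intended to reach, not a
    name obtained from a DNS lookup. cert_ids is a hypothetical layout:
    {"xmppAddr": [...], "dNSName": [...], "commonName": [...]}.
    """
    expected = _norm(expected_domain)
    xmpp = cert_ids.get("xmppAddr", [])
    dns = cert_ids.get("dNSName", [])
    cn = cert_ids.get("commonName", [])
    if any(_norm(x) == expected for x in xmpp):
        return True, "id-on-xmppAddr"
    if any(_dns_match(d, expected) for d in dns):
        return True, "dNSName"
    # CN is a fallback only; it must not override subjectAltName entries.
    if not xmpp and not dns and any(_norm(c) == expected for c in cn):
        return True, "commonName"
    return False, "mismatch"

# Constructed sample certificates (identities only), not real data.
SAMPLES = [
    ("montague", {"commonName": ["capulet"]}),
    ("montague", {"xmppAddr": ["montague"], "commonName": ["capulet"]}),
    ("montague", {"dNSName": ["capulet"], "commonName": ["montague"]}),
]

def decide(samples=SAMPLES):
    # "abort" means: stop the server-to-server connection attempt.
    return ["continue" if peer_identity_ok(d, ids)[0] else "abort"
            for d, ids in samples]

if __name__ == "__main__":
    for (domain, ids), verdict in zip(SAMPLES, decide()):
        print(domain, ids, "->", verdict)
```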



