[Standards-JIG] RE: Standards-JIG] MUC Invitations, Jingle Relays, and Big Problems
jean-louis.seguineau at laposte.net
Wed Nov 8 19:24:50 UTC 2006
I am under the impression the proposal is in great part meant to palliate
the lack of proper XMPP-aware certificates, as explained in the foreword
"because major CAs such as Verisign and Thawte probably do not have an
interest in completing such work..."
In effect it may well be a good initiative to lower the number of
inappropriate cases you allude to.
Date: Wed, 08 Nov 2006 18:59:10 +0100
From: Philipp Hancke <fippo at goodadvice.pages.de>
Subject: Re: [Standards-JIG] RE: Standards-JIG] MUC Invitations,
Jingle Relays, and Big Problems
To: XMPP Extension Discussion List <standards-jig at jabber.org>
Message-ID: <45521AEE.9000306 at goodadvice.pages.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Peter Saint-Andre wrote:
What about starting with more essential things like ensuring that
everyone who wants to be part of the network has to present a
certificate that contains the correct CN/id-on-xmppAddr for their host?
Currently, if you want to federate with some hosts you have to violate
rule #8 in section 5.1 (*) or ignore the expected identity mismatch
stuff in section 14.
If my server connects to 'montague' and the remote side shows a
certificate for 'capulet', this is a problem. If my server
continues connecting, this is defeating any security that TLS
may yield. Yet this is something that seems to be done quite
(*) if your server implementation checks this at all
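
The identity check described in the quoted message (dial 'montague', get a certificate for 'capulet', stop) is sketched here as an added example; it is not part of the original thread or of any server's code. The `PeerCert` model, the function names, the wildcard rule and the "CN only when no id-on-xmppAddr is present" rule are assumptions of this sketch, and the certificate contents are constructed.

```python
from dataclasses import dataclass, field


class IdentityMismatch(Exception):
    """The peer certificate does not name the domain we dialled."""


@dataclass
class PeerCert:
    # Identities already extracted from a chain-validated certificate
    # (constructed model; parsing X.509 is out of scope here).
    xmpp_addrs: list = field(default_factory=list)    # id-on-xmppAddr values
    common_names: list = field(default_factory=list)  # subject CN values


def norm(name):
    # Domain names compare case-insensitively; drop a trailing root dot.
    return name.strip().rstrip(".").lower()


def name_matches(presented, expected):
    presented, expected = norm(presented), norm(expected)
    if presented == expected:
        return True
    # Assumption: a wildcard is honoured only as the whole left-most label,
    # so "*.example.org" covers "chat.example.org" but not "example.org".
    if presented.startswith("*."):
        return "." in expected and expected.split(".", 1)[1] == presented[2:]
    return False


def check_peer_identity(dialled_domain, cert):
    """Return the matching identity, or raise instead of connecting anyway.

    dialled_domain is the domain we intended to reach, not whatever
    host name DNS resolution handed back.
    """
    # Assumption: CN is consulted only when the certificate carries no
    # id-on-xmppAddr, so a stray CN cannot override an explicit mismatch.
    candidates = cert.xmpp_addrs or cert.common_names
    for ident in candidates:
        if name_matches(ident, dialled_domain):
            return norm(ident)
    raise IdentityMismatch(
        f"dialled {dialled_domain!r}, certificate names {candidates!r}"
    )
```

A caller that catches `IdentityMismatch` should close the stream rather than log and continue, since continuing is the behaviour the message warns about.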