[Standards-JIG] wildcards in certs

Mridul mridul at sun.com
Wed Nov 22 19:20:36 UTC 2006

Our understanding is, the way it is worded, it means: instead of using 
dNSName subjectAltName use xmpp subjectAltName.
The way it is described here, it could have been written as: use xmpp 
subjectAltName if available, else fall back to provisions in http-tls.

http tls spec defines the expectations and behaviour of dNSName.
We could just have similar (and requirement specific) provisions for 
xmpp subjectAltName which xmpp rfc defines.


Matthias Wimmer wrote:
> Hi Peter!
> Peter Saint-Andre wrote:
>> Currently, wildcards are not allowed in the XMPP OID defined in RFC
>> 3920, but it seems they might be quite useful. What do people here think
>> about allowing them?
> I don't think that we need wildcards in id-on-xmppAddr, as I currently
> think that wildcards are only useful in xmppAddresses that only consist
> of a domain (i.e. having no user and no resource).
> I'd prefer the dNSName OID to be used for such wildcarded
> addresses. In my opinion id-on-xmppAddr should be limited to only
> contain valid XMPP addresses, and a wildcarded domain is not a valid XMPP
> address.
> Therefore I'd like to see wildcard support, but I am against using
> id-on-xmppAddr for this.
> Matthias
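
The check order discussed in this thread, as an added example that is not part of the original messages or of any RFC text. It assumes the SAN values have already been extracted from the certificate, that a present xmppAddr entry disables the dNSName fallback, and that a dNSName wildcard is only accepted as the whole left-most label (narrower than HTTP-over-TLS allows); all function names and sample values are constructed.

```python
# Added illustration: prefer id-on-xmppAddr, fall back to dNSName (with
# wildcards) only when the certificate carries no xmppAddr at all.
# Names and sample values are hypothetical, not from any library.

def _labels(name):
    """Lower-case a domain and split it into labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def match_dnsname(pattern, domain):
    """dNSName match; '*' is accepted only as the entire left-most label."""
    p, d = _labels(pattern), _labels(domain)
    if len(p) != len(d) or "" in p or "" in d:
        return False              # a wildcard never spans more than one label
    if "*" in "".join(p[1:]):
        return False              # no wildcard outside the left-most label
    if p[0] == "*":
        return p[1:] == d[1:]
    return "*" not in p[0] and p == d

def match_xmppaddr(value, domain):
    """id-on-xmppAddr match for a server: exact domain-only address, no wildcard."""
    if "*" in value or "@" in value or "/" in value:
        return False              # a wildcarded domain is not a valid XMPP address
    return _labels(value) == _labels(domain)

def verify_identity(domain, xmpp_addrs, dns_names):
    """Return the SAN type that matched ('xmppAddr' or 'dNSName'), else None."""
    if xmpp_addrs:
        # Assumption: when xmppAddr is present it is authoritative.
        ok = any(match_xmppaddr(v, domain) for v in xmpp_addrs)
        return "xmppAddr" if ok else None
    if any(match_dnsname(v, domain) for v in dns_names):
        return "dNSName"
    return None

if __name__ == "__main__":
    # Constructed sample certificates: (expected domain, xmppAddr SANs, dNSName SANs)
    samples = [
        ("example.org", ["example.org"], ["*.example.org"]),
        ("conference.example.org", [], ["*.example.org"]),
        ("chat.example.org", ["*.example.org"], []),
        ("a.b.example.org", [], ["*.example.org"]),
    ]
    for domain, xmpp, dns in samples:
        print(domain, "->", verify_identity(domain, xmpp, dns))
```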
