[Standards-JIG] wildcards in certs

Mridul mridul at sun.com
Wed Nov 22 19:20:36 UTC 2006


Our understanding is, the way it is worded, it means: instead of using 
dNSName subjectAltName use xmpp subjectAltName.
The way it is described here, it could have been written as: use xmpp 
subjectAltName if available, else fall back to provisions in http-tls.

http tls spec defines the expectations and behaviour of dNSName 
subjectAltName.
We could just have similar (and requirement specific) provisions for 
xmpp subjectAltName which xmpp rfc defines.

Regards,
Mridul

Matthias Wimmer wrote:
> Hi Peter!
>
> Peter Saint-Andre wrote:
>   
>> Currently, wildcards are not allowed in the XMPP OID defined in RFC
>> 3920, but it seems they might be quite useful. What do people here think
>> about allowing them?
>>     
>
> I don't think that we need wildcards in id-on-xmppAddr, as I currently
> think that wildcards are only useful in xmppAddresses that only consist
> of a domain (i.e. having no user and no resource).
>
> I'd prefer the dNSName OID to be used for such wildcarded
> addresses. In my opinion id-on-xmppAddr should be limited to only
> contain valid XMPP addresses, and a wildcarded domain is not a valid XMPP
> address.
>
> Therefore I'd like to see wildcard support, but I am against using
> id-on-xmppAddr for this.
>
>
> Matthias
>
>
>   
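
The policy discussed in this thread, sketched as an added example that is not code from either poster or from any XMPP implementation: id-on-xmppAddr is compared literally and takes precedence when present, and wildcards are honoured only in the dNSName fallback. The function names, the constructed SAN lists and the strict wildcard rule (whole left-most label only, at least two labels after it) are assumptions of this sketch.

```python
# SAN values are passed in as plain lists; a real verifier would extract
# them from the peer certificate after chain validation (not shown here).

def dns_name_matches(pattern, domain):
    """dNSName comparison in the style of the HTTP-over-TLS rules.

    Assumption of this sketch: '*' is accepted only as the entire
    left-most label, covers exactly one label, and needs at least two
    labels after it (so '*.com' never matches).
    """
    p = pattern.lower().rstrip(".").split(".")
    d = domain.lower().rstrip(".").split(".")
    if len(p) != len(d) or "" in d:
        return False
    if p[0] == "*":
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == d[1:]
    return "*" not in pattern and p == d


def xmpp_addr_matches(addr, domain):
    """id-on-xmppAddr holds a literal XMPP address: no wildcard expansion."""
    return "*" not in addr and addr.lower() == domain.lower()


def cert_matches_domain(xmpp_addrs, dns_names, domain):
    """Return (matched, san_type_consulted) for a domain-only address.

    If any id-on-xmppAddr entry is present it is authoritative and
    dNSName is not consulted; otherwise fall back to dNSName.
    """
    if xmpp_addrs:
        return any(xmpp_addr_matches(a, domain) for a in xmpp_addrs), "xmppAddr"
    return any(dns_name_matches(n, domain) for n in dns_names), "dNSName"


if __name__ == "__main__":
    # Constructed certificates: (xmppAddr entries, dNSName entries)
    certs = {
        "both":     (["im.example.com"], ["*.example.com"]),
        "dns-only": ([], ["*.example.com"]),
        "bad-xmpp": (["*.example.com"], []),
    }
    for label, (xa, dn) in certs.items():
        for host in ("im.example.com", "chat.example.com", "a.chat.example.com"):
            print(label, host, cert_matches_domain(xa, dn, host))
```

Under this reading a certificate that carries both SAN types never benefits from its dNSName wildcard, which is the practical difference between "instead of" and "fall back to" in the wording being debated.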



