[Standards-JIG] Re: wildcards in certs
justin-keyword-jabber.093179 at affinix.com
Tue Nov 28 06:46:34 UTC 2006
On Monday 27 November 2006 11:32 am, Peter Saint-Andre wrote:
> If a JID for an XMPP server is represented in a certificate, it SHOULD
> at a minimum be represented as a UTF8String within an otherName entity
> inside the subjectAltName, using the [ASN.1] Object Identifier
> "id-on-xmppAddr" specified in Section 5.1.1 of this document; however,
> the JID for an XMPP server MAY be represented as a subjectAltName
> extension of type dNSName [...]
The "at minimum" part confuses me. Does this mean an XMPP server with
wildcards would want to use both otherName and dNSName simultaneously?
I assume dNSName would be preferred over otherName, if it exists? If so, that
should probably be mentioned. Hmm, what is the purpose of having otherName
in that case, if dNSName takes precedence?
More information about the Standards