[Standards-JIG] Re: wildcards in certs

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Tue Nov 28 06:46:34 UTC 2006


On Monday 27 November 2006 11:32 am, Peter Saint-Andre wrote:
>  If a JID for an XMPP server is represented in a certificate, it SHOULD
> at a minimum be represented as a UTF8String within an otherName entity
> inside the subjectAltName, using the [ASN.1] Object Identifier
> "id-on-xmppAddr" specified in Section 5.1.1 of this document; however,
> the JID for an XMPP server MAY be represented as a subjectAltName
> extension of type dNSName [...]

The "at minimum" part confuses me.  Does this mean an XMPP server with 
wildcards would want to use both otherName and dNSName simultaneously?

I assume dNSName would be preferred over otherName, if it exists?  If so, that 
should probably be mentioned.  Hmm, what is the purpose of having otherName 
in that case, if dNSName takes precedence?

-Justin


