[Standards-JIG] clarifying certificate handling

Peter Saint-Andre stpeter at jabber.org
Fri Sep 15 19:44:15 UTC 2006


rfc3920bis may need to address certificate handling in a more complete
manner than did RFC 3920. For example:

1. Section 5.1 of RFC 3920 says that an XMPP address must be represented
in the id-on-xmppAddr OID but does not say if an XMPP address may be
represented elsewhere in the certificate, specifically in the common
name (CN), which seems to be a widespread practice right now since it is
not easy to find a certification authority who will issue certificates
with the id-on-xmppAddr OID.

2. RFC 3920 is silent about wildcards (e.g., "*.example.com"), which may
be helpful in handling XMPP server components (ideally that would be
done with a separate id-on-xmppAddr OID for each component, but that may
not be realistic in the near term).

3. Some people have claimed that RFC 3920 does not address the issue of
revoked certificates, but I think that is handled by RFC 3280, which is
referenced from Section 14.2 of RFC 3920.

Any other feedback on this issue?

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
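
Added example, not part of the original message or of RFC 3920: one way a verifier could make points 1 and 2 explicit as policy switches, so that CN fallback and wildcard acceptance are deliberate choices rather than side effects. It assumes chain validation and revocation checking (point 3, RFC 3280) have already succeeded; `CertIdentities`, `name_matches`, `check_identity`, the two policy flags and the sample identities are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class CertIdentities:
    """Identities already extracted from a validated certificate (constructed model)."""
    # otherName values of type id-on-xmppAddr (OID 1.3.6.1.5.5.7.8.5)
    xmpp_addrs: list = field(default_factory=list)
    common_name: str = ""  # subject CN, if any

def _labels(name):
    # Case-insensitive comparison; tolerate a trailing root dot.
    return name.lower().rstrip(".").split(".")

def name_matches(pattern, domain, allow_wildcard):
    """Exact match, or, if allowed, '*' as the entire leftmost label covering one label."""
    p, d = _labels(pattern), _labels(domain)
    if p == d:
        return "*" not in pattern
    # Assumed wildcard policy: '*' only leftmost, at least two fixed labels,
    # and it never spans more than one label.
    if not allow_wildcard or p[0] != "*" or len(p) < 3 or len(p) != len(d):
        return False
    return bool("*" not in "".join(p[1:]) and p[1:] == d[1:] and d[0])

def check_identity(cert, domain, allow_cn_fallback=False, allow_wildcard=False):
    """Return the field that vouched for `domain` ('xmppAddr' or 'CN'), else None."""
    for addr in cert.xmpp_addrs:
        if name_matches(addr, domain, allow_wildcard):
            return "xmppAddr"
    # Point 1: consult CN only when policy permits and no xmppAddr is present,
    # so a CN can never override what the xmppAddr entries assert.
    if allow_cn_fallback and not cert.xmpp_addrs and cert.common_name:
        if name_matches(cert.common_name, domain, allow_wildcard):
            return "CN"
    return None

# Constructed sample identities (no real certificates involved).
STRICT = CertIdentities(xmpp_addrs=["example.com", "conference.example.com"])
CN_ONLY = CertIdentities(common_name="example.com")
WILDCARD = CertIdentities(common_name="*.example.com")

if __name__ == "__main__":
    for cert, dom in [(STRICT, "conference.example.com"), (CN_ONLY, "example.com"),
                      (WILDCARD, "conference.example.com"), (WILDCARD, "example.com")]:
        print(dom, check_identity(cert, dom),
              check_identity(cert, dom, allow_cn_fallback=True, allow_wildcard=True))
```

With both flags off, only certificates carrying id-on-xmppAddr are accepted; the wildcard CN covers a component such as conference.example.com only when both flags are on, and never the bare domain.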
