[Standards] Re: XEP-178

Matthias Wimmer m at tthias.eu
Thu Feb 1 21:11:43 UTC 2007


Hi Peter!

Peter Saint-Andre schrieb:
> What about wildcards? I guess things should be OK as long as there is no 
> wildcard in the XMPP OID (i.e., id-on-xmppAddr). But what should the 
> receiving server do if the connection comes from "conference.jabber.org" 
> but the id-on-xmppAddr has "jabber.org" (even if the dnsName has 
> "*.jabber.org") and the OID is checked first?

I think you would always check _all_ dNSName and id-on-xmppAddr 
extensions and accept the certificate if anyone matches.

You would also not stop comparing extensions if you first get 
users.jabber.org and you would continue checking the second extension 
which might be conference.jabber.org


Matthias

-- 
Matthias Wimmer      Fon +49-700 77 00 77 70
Züricher Str. 243    Fax +49-89 95 89 91 56
81476 München        http://ma.tthias.eu/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4263 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070201/5542a2a3/attachment.bin>


More information about the Standards mailing list