[Standards] Re: XEP-178

Mridul mridul at sun.com
Fri Feb 2 02:44:59 UTC 2007


Matthias Wimmer wrote:
> Hi Peter!
>
> Peter Saint-Andre schrieb:
>> We would not forbid it for servers, but we would not require it 
>> either. Or at least we would say that you should check the dnsName 
>> first. This would modify the text in rfc3920bis.
>
> I'll have to check what we currently have in the XEP. The way I 
> implemented it is: check if there is a matching id-on-xmppAddr or 
> dNSName (doesn't matter in which order this is done). If there was a 
> match => accept. If there was no match, but on of these two extensions 
> was present => decline. Else => check CN.
>
>
> Matthias
>
Hi Matthias,

We always check CN in case xmpp-oid and/or dnsName do not match the 
asserted domain.

Regards,
Mridul




More information about the Standards mailing list