[Standards] Proposed XMPP Extension: Client Certificate Management for SASL EXTERNAL

Philipp Hancke fippo at goodadvice.pages.de
Thu Dec 4 10:09:06 UTC 2008


XMPP Extensions Editor schrieb:
> The XMPP Extensions Editor has received a proposal for a new XEP.
> 
> Title: Client Certificate Management for SASL EXTERNAL
> 
> Abstract: This specification defines a method to manage client certificates that can be used with SASL External to allow clients to log in without a password.
> 
> URL: http://www.xmpp.org/extensions/inbox/sasl-external-cert-handling.html
> 
> The XMPP Council will decide at its next meeting whether to accept this proposal as an official XEP.


why does the client generate the certificate? Sending a CSR to the
server and signing it there (which may take a long time) seems
easier from the certificate managment point of view. And it results
in a certificate signed by an entity that the server trusts.

Philipp



More information about the Standards mailing list