[Standards] Proposed XMPP Extension: Client Certificate Management for SASL EXTERNAL

Dirk Meyer dmeyer at tzi.de
Thu Dec 4 18:12:26 UTC 2008

Philipp Hancke wrote:
> why does the client generate the certificate? Sending a CSR to the
> server and signing it there (which may take a long time) seems
> easier from the certificate managment point of view. 

IMHO it is more complicated. Why doing a complex CSR (which as you wrote
may take a long time) when a client can upload a certificate. The client
is trusted when doing so and the certificate only has to work between
these two.

> And it results in a certificate signed by an entity that the server
> trusts.

Well, the server can trust the client with its own certificate. But you
raise an interessting point: what do others think? CSR or the other
way. Alexey already wrote that he prevers not to deal with CSR.


A mathematician is a machine for converting coffee into theorems.

More information about the Standards mailing list