[Standards] Proposed XMPP Extension: Client Certificate Management for SASL EXTERNAL
dmeyer at tzi.de
Thu Dec 4 18:12:26 UTC 2008
Philipp Hancke wrote:
> why does the client generate the certificate? Sending a CSR to the
> server and signing it there (which may take a long time) seems
> easier from the certificate managment point of view.
IMHO it is more complicated. Why doing a complex CSR (which as you wrote
may take a long time) when a client can upload a certificate. The client
is trusted when doing so and the certificate only has to work between
> And it results in a certificate signed by an entity that the server
Well, the server can trust the client with its own certificate. But you
raise an interessting point: what do others think? CSR or the other
way. Alexey already wrote that he prevers not to deal with CSR.
A mathematician is a machine for converting coffee into theorems.
More information about the Standards