[Standards] XMPP Certificate checking algorithm

Shumon Huque shuque at isc.upenn.edu
Sun Feb 17 22:23:58 UTC 2008


Hello,

Peter Saint-Andre suggested that I move a discussion we've been
having on the Adium Developer's mailing list here, regarding XMPP's 
certificate validity checking algorithm.

Here is the original set of issues that I brought up:

  http://adiumx.com/pipermail/adium-devl_adiumx.com/2008-February/004601.html

And the current sensible consensus on what to check in the
certificate is:

  1. If client/server software explicitly specifies the server hostname
     to connect to, use that hostname in the certificate check.
  2. If not, use the domain identifier portion of the JID.

In a later message in the same thread, I brought up the additional
possibility of using RFC 4985 to perform certificate checks:

  http://adiumx.com/pipermail/adium-devl_adiumx.com/2008-February/004626.html

Does anyone have thoughts on these issues/suggestions?

Thanks!
---
Shumon Huque				3401 Walnut Street, Suite 221A,
Network Engineering			Philadelphia, PA 19104-6228, USA.
Information Systems & Computing		(215)898-2477, (215)898-9348 (Fax)
University of Pennsylvania / MAGPI.	E-mail: shuque -at- isc.upenn.edu
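
The two rules in the message above, plus the RFC 4985 option, as an added example that is not part of the original post or of any XMPP client's code. Assumptions: SAN entries are modelled as (kind, value) pairs where "SRVName" is this example's own label, matching is exact with no wildcard handling, SRVName is only consulted when no hostname was configured, and all names and certificates are constructed.

```python
def jid_domain(jid):
    """Return the domain part of a JID of the form [local@]domain[/resource]."""
    bare = jid.split("/", 1)[0]        # the resource may itself contain '@' or '/'
    domain = bare.rsplit("@", 1)[-1]
    if not domain:
        raise ValueError("JID has no domain part: %r" % jid)
    return domain.rstrip(".").lower()


def reference_host(jid, explicit_host=None):
    """Rule 1: an explicitly configured server hostname; rule 2: the JID domain.
    A hostname learned from a DNS lookup is deliberately not an input here."""
    if explicit_host:
        return explicit_host.rstrip(".").lower()
    return jid_domain(jid)


def reference_srvname(jid, service="xmpp-client"):
    """RFC 4985 SRVName for the JID domain, in its _Service.Name form."""
    return "_%s.%s" % (service, jid_domain(jid))


def cert_matches(san_entries, jid, explicit_host=None, service="xmpp-client"):
    """Return the SAN entry that satisfied the check, or None if none did."""
    host = reference_host(jid, explicit_host)
    srv = reference_srvname(jid, service)
    for kind, value in san_entries:
        value = value.rstrip(".").lower()
        if kind == "DNS" and value == host:
            return "DNS:" + value
        # Assumption: SRVName is tied to the JID domain, so it is only
        # consulted when the user did not configure a hostname.
        if kind == "SRVName" and not explicit_host and value == srv:
            return "SRVName:" + value
    return None


# Constructed certificates: a hosted domain whose server certificate names
# only the provider's host, and one that also carries an SRVName.
HOSTED_CERT = [("DNS", "xmpp.hosting.example.net")]
SRV_CERT = HOSTED_CERT + [("SRVName", "_xmpp-client.example.com")]

if __name__ == "__main__":
    for cert in (HOSTED_CERT, SRV_CERT):
        print(cert_matches(cert, "alice@example.com"),
              cert_matches(cert, "alice@example.com", "xmpp.hosting.example.net"))
```

The hosted certificate fails for the bare JID and passes only when the user configured the provider's hostname, while the SRVName certificate passes for the JID domain without any configured hostname.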


