[Standards] XMPP Certificate checking algorithm

Alexey Melnikov alexey.melnikov at isode.com
Sun Mar 23 11:01:42 UTC 2008


Shumon Huque wrote:

>After seeing Peter's note about the approved sieve notify
>mechanism, it just occurred to me that another approach to 
>identify service names might be to use the xmpp uri scheme.
>Has anyone considered this before?
>
>In that case, you could just use the subjectAltName's existing 
>uniformResourceIdentifier field to store JID strings prepended
>with "xmpp:".
>  
>
This sounds quite sensible to me.

>Are there any advantages to this approach? It seems to have all
>the functionality of id-on-xmppAddr without needing a special
>otherName type.
>
Exactly. Consistency across protocols is a good thing.

>It provides the ability to specify client identities
>which RFC4985 does not, if client certificate based authentication
>is used. On the other hand, RFC4985 is able to differentiate the
>c2s and s2s identities, which may be important, and more naturally 
>maps to their SRV records.
>  
>





More information about the Standards mailing list