[Standards] XMPP Certificate checking algorithm
alexey.melnikov at isode.com
Sun Mar 23 11:01:42 UTC 2008
Shumon Huque wrote:
>After seeing Peter's note about the approved sieve notify
>mechanism, it just occurred to me that another approach to
>identify service names might be to use the xmpp uri scheme.
>Has anyone considered this before?
>In that case, you could just use the subjectAltName's existing
>uniformResourceIdentifier field to store JID strings prepended
This sounds quite sensible to me.
>Are there any advantages to this approach? It seems to have all
>the functionality of id-on-xmppAddr without needing a special
Exactly. Consistency across protocols is a good thing.
>It provides the ability to specify client identities
>which RFC4985 does not, if client certificate based authentication
>is used. On the other hand, RFC4985 is able to differentiate the
>c2s and s2s identities, which may be important, and more naturally
>maps to their SRV records.
More information about the Standards