[Standards] TLS certificate fun
stpeter at stpeter.im
Fri May 23 04:27:24 UTC 2008
On 05/13/2008 2:47 PM, Dave Cridland wrote:
> On Tue May 13 20:37:39 2008, Justin Karneges wrote:
>> On Tuesday 13 May 2008 11:40 am, Dave Cridland wrote:
>> > On Tue May 13 19:29:33 2008, Justin Karneges wrote:
>> > > Two sets?
>> > Yes. One that says "If any xmppAddr is present, use only xmppAddr",
>> > another that says "but fallback to dNSName". This is okay as long as
>> > both ends know which identities are authenticated.
>> 3920, section 14.2, case #1 essentially says that if the xmpp field is
>> then use it, otherwise fall back to dNSName (and then commonName).
>> Where is
>> the other set of rules?
> Hmmm... I suppose you could read that as the method for checking
> certificates, and 6.4.2 as the method for generating them. I think both
> could be a lot clearer, though.
The text in bis-04 is out of date with the emerging consensus, which is
why it needs to be seriously revised or replaced. I need to find time to
crank out bis-05...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards