[Standards] TLS certificate fun

Peter Saint-Andre stpeter at stpeter.im
Fri May 23 04:27:24 UTC 2008


On 05/13/2008 2:47 PM, Dave Cridland wrote:
> On Tue May 13 20:37:39 2008, Justin Karneges wrote:
>> On Tuesday 13 May 2008 11:40 am, Dave Cridland wrote:
>> > On Tue May 13 19:29:33 2008, Justin Karneges wrote:
>> > > Two sets?
>> >
>> > Yes. One that says "If any xmppAddr is present, use only xmppAddr",
>> > another that says "but fallback to dNSName". This is okay as long as
>> > both ends know which identities are authenticated.
>>
>> 3920, section 14.2, case #1 essentially says that if the xmpp field is
>> present
>> then use it, otherwise fall back to dNSName (and then commonName). 
>> Where is
>> the other set of rules?
>>
>>
> Hmmm... I suppose you could read that as the method for checking
> certificates, and 6.4.2 as the method for generating them. I think both
> could be a lot clearer, though.

The text in bis-04 is out of date with the emerging consensus, which is
why it needs to be seriously revised or replaced. I need to find time to
crank out bis-05...

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20080522/52e1480f/attachment.bin>


More information about the Standards mailing list