[Standards] UPDATED: XEP-0257 (Client Certificate Management for SASL EXTERNAL)
alexey.melnikov at isode.com
Thu Feb 12 19:28:33 UTC 2009
XMPP Extensions Editor wrote:
>Version 0.2 of XEP-0257 (Client Certificate Management for SASL EXTERNAL) has been released.
>Abstract: This specification defines a method to manage client certificates that can be used with SASL External to allow clients to log in without a password.
>Changelog: [See revision history] (dm)
This looks better. Some quick comments:
1). The semantics of "disabling" are not quite clear. In particular, are
disabled certificates still returned in response to the list request? If
they are returned, then you need a way to mark them somehow in the list
response. If they are not returned, then it would be better to call this
2). In Section 3 the following text was added:
> If the subjectAltName contains a full JID the server MUST force the
> client to use the given resource during resource binding. The client
> is only allowed to use the provided resource name. If a client with
> the same resource name is currently logged in and that client is not
> forced to use that resource name, it SHOULD be logged out by the server.
I am not entirely sure what this text is trying to achieve.
However, this brings up an interesting question: if the uploaded certificate
has a JID in the subjectAltName, then I think the JID MUST correspond to
the user's account for which it was uploaded.
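
The two checks discussed in this message, as an added example that is not part of the original post or of XEP-0257: rejecting an uploaded certificate whose subjectAltName JID names another account, and forcing the resource at bind time when the certificate carries a full JID. The function names, the sample JIDs, the simplified JID normalization and the handling of several full JIDs are assumptions; the JIDs are taken as already extracted from the certificate.

```python
from typing import NamedTuple, Optional


class Jid(NamedTuple):
    local: str
    domain: str
    resource: Optional[str]

    @property
    def bare(self) -> str:
        return f"{self.local}@{self.domain}"


def parse_jid(text: str) -> Jid:
    """Split local@domain[/resource].

    Assumption: localpart and domain are simply lower-cased here; a real
    server applies its full JID normalization. The resource is kept as-is.
    """
    addr, sep, resource = text.partition("/")
    local, at, domain = addr.partition("@")
    if not at or not local or not domain or (sep and not resource):
        raise ValueError(f"not a user JID: {text!r}")
    return Jid(local.lower(), domain.lower(), resource if sep else None)


def check_upload(account: str, san_jids: list) -> list:
    """Reject the upload if any JID in the certificate names another account."""
    owner = parse_jid(account).bare
    parsed = [parse_jid(j) for j in san_jids]
    for jid in parsed:
        if jid.bare != owner:
            raise PermissionError(f"certificate JID {jid.bare} is not {owner}")
    return parsed


def resource_for_bind(cert_jids: list, requested: Optional[str]) -> Optional[str]:
    """Return the resource the server binds for this session."""
    forced = {j.resource for j in cert_jids if j.resource is not None}
    if not forced:
        return requested           # bare JID only: the client keeps its choice
    if requested in forced:
        return requested
    if len(forced) == 1:
        return next(iter(forced))  # full JID in certificate: override the client
    # Assumption: with several full JIDs the client must pick one of them.
    raise PermissionError("requested resource is not allowed by the certificate")
```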