[Standards] UPDATED: XEP-0257 (Client Certificate Management for SASL EXTERNAL)
stpeter at stpeter.im
Fri Feb 13 01:58:58 UTC 2009
Alexey Melnikov wrote:
> Peter Saint-Andre wrote:
>> Alexey Melnikov wrote:
>>> 2). In Section 3 the following text was added:
>>>> If the subjectAltName contains a full JID the server MUST force the
>>>> client to use the given resource during resource binding. The client
>>>> is only allowed to use the provided resource name. If a client with
>>>> the same resource name is currently logged in and that client is not
>>>> forced to use that resource name, it SHOULD be logged out by the
>>> I am not entirely sure what this text is trying to achieve.
> Even after Peter's clarification, I don't think I understand what the
> last sentence is saying.
> In particular why "that client is not forced to use that resource name"?
So you'll have two kinds of certs: one that is limited to a particular
full JID (let's call it a "full-JID cert") and one that isn't (let's
call it a "bare-JID cert"). If a bare-JID cert is currently logged in
with a full JID that matches a given full-JID cert (e.g., our "TV"
resource), then Dirk is suggesting that the client presenting the
full-JID would have priority and the server would bump the client that
presented a bare-JID cert. So that rule would provide guidance to the
server regarding the alternatives described in Section 18.104.22.168 of
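
The priority rule explained in this message, sketched as a server-side binding decision. This is an added example, not part of the original message or of XEP-0257; the `Session` and `Decision` types, the function name and the JID `dirk@example.org` are constructed for illustration, and overriding the requested resource is one assumed reading of "force".

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Session:
    bare_jid: str
    resource: str
    forced: bool  # True if this session authenticated with a full-JID cert


@dataclass
class Decision:
    resource: Optional[str]                  # resource the new session binds
    log_out: List[Session] = field(default_factory=list)
    defer_to_policy: bool = False            # conflict this rule does not settle


def bind_resource(cert_jid: str, requested: Optional[str],
                  sessions: List[Session]) -> Decision:
    """Apply the full-JID-cert priority rule at resource binding.

    cert_jid is the JID taken from the certificate's subjectAltName.
    """
    bare, _, cert_resource = cert_jid.partition("/")
    forced = bool(cert_resource)
    # A full-JID cert pins the resource; the client's own request is ignored
    # (assumption: "force" is implemented as an override, not a rejection).
    resource = cert_resource if forced else requested
    clash = [s for s in sessions
             if s.bare_jid == bare and s.resource == resource]
    if not clash:
        return Decision(resource)
    if forced and all(not s.forced for s in clash):
        # The full-JID cert wins: bump the session that presented a bare-JID cert.
        return Decision(resource, log_out=clash)
    # Bare-JID newcomer, or two full-JID certs for the same resource: the rule
    # discussed here does not cover it, so the server's ordinary
    # resource-conflict handling decides.
    return Decision(resource, defer_to_policy=True)


if __name__ == "__main__":
    live = [Session("dirk@example.org", "TV", forced=False)]  # constructed sample
    print(bind_resource("dirk@example.org/TV", "laptop", live))
```
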