[Standards] UPDATED: XEP-0257 (Client Certificate Management for SASL EXTERNAL)

Dirk Meyer dmeyer at tzi.de
Fri Feb 13 10:08:59 UTC 2009

Alexey Melnikov wrote:
> This looks better.

Thanks, I hope I added all comments.

> 1). Semantics of "disabling" is not quite clear. In particular, are
> disabled certificates still returned in response to the list request?
> If they are returned, then you need a way to mark them somehow in the
> list response. If they are not returned, then it would be better to
> call this operation "deletion".

Ok, I will rename 'disable' to 'delete'

> However this brings an interesting question: if the uploaded
> certificate has a JID in the subjectAltName, then I think the JID MUST
> correspond to the user's account for which it was uploaded.

Right, I will add that. A user can only upload certificates with the
correct bare JID. It has to have an subjectAltName because with SASL
EXTERNAL we have no way to provide a username on login (or did I miss


One Page Principle:
	A specification that will not fit on one page of 8.5x11 inch
	paper cannot be understood.
		-- Mark Ardis

More information about the Standards mailing list