[Standards] UPDATED: XEP-0257 (Client Certificate Management for SASL EXTERNAL)
dmeyer at tzi.de
Fri Feb 13 10:08:59 UTC 2009
Alexey Melnikov wrote:
> This looks better.
Thanks, I hope I added all comments.
> 1). Semantics of "disabling" is not quite clear. In particular, are
> disabled certificates still returned in response to the list request?
> If they are returned, then you need a way to mark them somehow in the
> list response. If they are not returned, then it would be better to
> call this operation "deletion".
OK, I will rename 'disable' to 'delete'.
> However this brings an interesting question: if the uploaded
> certificate has a JID in the subjectAltName, then I think the JID MUST
> correspond to the user's account for which it was uploaded.
Right, I will add that. A user can only upload certificates with the
correct bare JID. It has to have a subjectAltName because with SASL
EXTERNAL we have no way to provide a username on login (or did I miss
One Page Principle:
A specification that will not fit on one page of 8.5x11 inch
paper cannot be understood.
-- Mark Ardis
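
The upload rule discussed in this message (a certificate must carry the user's bare JID in its subjectAltName), sketched as a server-side check. This is an added example, not part of the original e-mail or of XEP-0257. The names checkSAN and otherName are hypothetical, the input is assumed to be the DER value of the certificate's subjectAltName extension, and lower-casing stands in for the stringprep comparison a real server would apply.

```go
package main

import (
	"encoding/asn1"
	"fmt"
	"strings"
)

var oidXmppAddr = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 8, 5} // id-on-xmppAddr

type otherName struct { // OtherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT ANY }
	TypeID asn1.ObjectIdentifier
	Value  asn1.RawValue `asn1:"tag:0,explicit"`
}

// checkSAN takes the DER value of a subjectAltName extension and accepts it only
// if it holds at least one xmppAddr and every xmppAddr is the account's bare JID.
func checkSAN(san []byte, account string) error {
	bare := strings.ToLower(strings.SplitN(account, "/", 2)[0]) // assumption: no stringprep
	var names []asn1.RawValue                                   // GeneralNames ::= SEQUENCE OF GeneralName
	if rest, err := asn1.Unmarshal(san, &names); err != nil || len(rest) != 0 {
		return fmt.Errorf("malformed subjectAltName")
	}
	found := 0
	for _, gn := range names {
		var on otherName
		var jid string
		if gn.Class != asn1.ClassContextSpecific || gn.Tag != 0 {
			continue // dNSName, rfc822Name, ...: not an otherName
		}
		if _, err := asn1.UnmarshalWithParams(gn.FullBytes, &on, "tag:0"); err != nil {
			return fmt.Errorf("malformed otherName: %v", err)
		}
		if !on.TypeID.Equal(oidXmppAddr) {
			continue // some other otherName type
		}
		if _, err := asn1.Unmarshal(on.Value.Bytes, &jid); err != nil || strings.ToLower(jid) != bare {
			return fmt.Errorf("xmppAddr %q is not the bare JID %q", jid, bare)
		}
		found++
	}
	if found == 0 {
		return fmt.Errorf("no xmppAddr in subjectAltName")
	}
	return nil
}

func main() {
	fmt.Println(checkSAN([]byte{0x30, 0x00}, "user@example.org")) // empty SAN: rejected
}
```

With Go's crypto/x509, the input is the Value of the entry in cert.Extensions whose Id is 2.5.29.17.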