[Standards] UPDATED: XEP-0257 (Client Certificate Management for SASL EXTERNAL)

Dirk Meyer dmeyer at tzi.de
Fri Feb 13 12:46:15 UTC 2009


Peter Saint-Andre wrote:
> So you'll have two kinds of certs: one that is limited to a particular
> full JID (let's call it a "full-JID cert") and one that isn't (let's
> call it a "bare-JID cert"). If a bare-JID cert is currently logged in
> with a full JID that matches a given full-JID cert (e.g., our "TV"
> resource), then Dirk is suggesting that the client presenting the
> full-JID would have priority and the server would bump the client that
> presented a bare-JID cert. So that rule would provide guidance to the
> server regarding the alternatives described in Section 8.5.2.2 of
> rfc3920bis:
>
> http://xmpp.org/internet-drafts/draft-saintandre-rfc3920bis-08.html#bind-clientsubmit-error-conflict

Right. Section 8.5.2.2 gives many options and suggests to provide a
different resource to the client. That is not possible with a full JID
in the cert. I added it to my todo list for the next revision.


Dirk

-- 
++?????++ Out of Cheese Error. Redo From Start.
        -- (Terry Pratchett, Interesting Times)



More information about the Standards mailing list