[Standards] Proposed XMPP Extension: Remote Authentication
zash at zash.se
Thu Dec 2 17:16:06 UTC 2010
On Thu, 2010-12-02 at 17:06 +0000, Dave Cridland wrote:
> (FWIW, I wondered for some time about clients generating a CSR and
> having servers actually be PKIX CAs, but that equally gains nothing,
> except adding lots more exciting-looking X.509).
> Of course, if the certificate is signed by a trusted party (ie, a
> real CA), then everything changes - the server cannot advertise a
> false certificate any longer, so the situation is entirely different.
This is where it would have been useful for the PKIX CA structure to be
more like DNS, so you could sign certs for your own users and subdomains
Kim Alvefur <zash at zash.se>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 197 bytes
Desc: This is a digitally signed message part
More information about the Standards