[Standards] Proposed XMPP Extension: Remote Authentication

Kim Alvefur zash at zash.se
Thu Dec 2 17:16:06 UTC 2010


On Thu, 2010-12-02 at 17:06 +0000, Dave Cridland wrote:
> (FWIW, I wondered for some time about clients generating a CSR and  
> having servers actually be PKIX CAs, but that equally gains nothing,  
> except adding lots more exciting-looking X.509).
> 
> Of course, if the certificate is signed by a trusted party (ie, a  
> real CA), then everything changes - the server cannot advertise a  
> false certificate any longer, so the situation is entirely different. 

This is where it would have been useful for the PKIX CA structure to be
more like DNS, so you could sign certs for your own users and subdomains
etc.

-- 
Kim Alvefur <zash at zash.se>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://mail.jabber.org/pipermail/standards/attachments/20101202/37bff1bb/attachment.sig>


More information about the Standards mailing list