[Standards] Checking hostname in XMPP server when using TLS
dave at cridland.net
Wed Nov 3 11:25:39 UTC 2010
On Tue Nov 2 22:11:18 2010, zhong ming wu wrote:
> TLS implementation of HTTP/SMTP/IMAP/POP do not work like XMPP in
> this regard

As Simon said, they actually do.

In all cases, the user inputs a required authorization identifier,
and the X.509 certificate presented by the server is checked to
ensure it can be used to authorize that identifier.

In the XMPP case, the user enters the server's jid as part of the
account name they're connecting to.

In the HTTP case, the user enters the server's domain as part of the
URI they're connecting to.

This similarity is being made more explicit, and more uniform, by
Peter Saint-Andre's work within the IETF.

In the case of virtual hosting, things can and do get quite difficult
to usefully provision, which is why technologies like "domain name
assertions" are being looked at within the IETF, too.

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
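
Added example, not part of the original message or of any project's code: a Python version of the check described above, where the reference identity is the domain the user typed (JID domain part or URI host) and the certificate must cover that domain, whichever host the client was routed to. It assumes certificate data in the shape returned by `ssl.SSLSocket.getpeercert()` and looks only at dNSName entries; the function names and sample domains are constructed for illustration.

```python
from urllib.parse import urlsplit


def reference_domain(user_input: str) -> str:
    """Return the domain the user asked for, from a JID or an http(s) URI."""
    if "://" in user_input:
        host = urlsplit(user_input).hostname or ""
    else:
        bare = user_input.split("/", 1)[0]   # drop any /resource
        host = bare.split("@", 1)[-1]        # drop any localpart@
    return host.rstrip(".").lower()


def dns_name_matches(pattern: str, domain: str) -> bool:
    """Exact match, or '*' as the whole left-most label covering one label."""
    p = pattern.rstrip(".").lower().split(".")
    d = domain.split(".")
    if len(p) != len(d) or not all(d):
        return False
    if p[0] == "*" and len(p) > 2:           # refuse patterns such as "*.org"
        return p[1:] == d[1:]
    return p == d


def cert_authorizes(cert: dict, user_input: str) -> bool:
    """True if a dNSName in the certificate covers the user-entered domain."""
    domain = reference_domain(user_input)
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return bool(domain) and any(dns_name_matches(n, domain) for n in names)


# Constructed sample data, shaped like ssl.SSLSocket.getpeercert() output.
# Virtual hosting case: the provider's certificate names only its own machine.
HOSTING_CERT = {"subjectAltName": (("DNS", "xmpp1.hosting.example"),)}
# A certificate provisioned for the domain the user actually typed.
DOMAIN_CERT = {"subjectAltName": (("DNS", "example.org"), ("DNS", "*.example.org"))}

if __name__ == "__main__":
    # The user typed juliet@example.org; the client was routed to xmpp1.hosting.example.
    for cert in (HOSTING_CERT, DOMAIN_CERT):
        print(cert_authorizes(cert, "juliet@example.org/balcony"))
    print(cert_authorizes(DOMAIN_CERT, "https://www.example.org/index.html"))
```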