[Standards] v1.1rc1 of XEP-0178 (Best Practices for Use of SASL EXTERNAL with Certificates)
drichards at coversant.com
Wed Oct 13 02:42:36 UTC 2010
Also, step 10 in section 3 of xep-0178 conflicts with 3920bis step 9 in section 9.2.2. 178 indicates inclusion of an authorization identity matching the from attribute of the server1 to server2 stream element, while 3920bis indicates an empty authorization identity.
And steps 9 and 10 of section 2 in 178 should reference 6.3.4 and 6.3.8 rather than 6.2.4 and 6.2.8.
From: standards-bounces at xmpp.org [mailto:standards-bounces at xmpp.org] On Behalf Of Peter Saint-Andre
Sent: Wednesday, September 29, 2010 6:50 PM
To: standards at xmpp.org
Subject: Re: [Standards] v1.1rc1 of XEP-0178 (Best Practices for Use of SASL EXTERNAL with Certificates)
On 9/28/10 11:49 PM, Philipp Hancke wrote:
> Peter Saint-Andre wrote:
>> I've made some provisional updates to XEP-0178, reflecting changes
>> from draft-ietf-xmpp-3920bis and draft-saintandre-tls-server-id-check.
> The process of validating the certificate is slightly different from
> what is described in draft-saintandre-tls-server-id-check. This is not
> surprising given that we want to check a client-id, not a server-id.
> I think the difference can be described as an alternative way to
> construct the reference identifier (section 4.2 in the draft), which
> is supplied by the client (or peer server) in the stream's from
> attribute (step 7, c2s or s2s).
Yes, good point. We'll need to work on that!
>> Your feedback is welcome!
> "Server2 considers EXTERNAL" in s2s step 10 should be Server1 actually.
Fixed in my working copy.