[Standards] v1.1rc1 of XEP-0178 (Best Practices for Use of SASL EXTERNAL with Certificates)

David Richards drichards at coversant.com
Wed Oct 13 02:42:36 UTC 2010

Also, step 10 in section 3, xep-0178 conflicts with 3920bis step 9 in section 9.2.2. 178 indicates inclusion of authorization identity matching the from attribute of the server1 to server2 stream element while 3920bis indicates an empty authorization identity.

And steps 9 and 10 of section 2 in 178 should reference 6.3.4 and 6.3.8 rather than 6.2.4 and 6.2.8.

Dave Richards

-----Original Message-----
From: standards-bounces at xmpp.org [mailto:standards-bounces at xmpp.org] On Behalf Of Peter Saint-Andre
Sent: Wednesday, September 29, 2010 6:50 PM
To: standards at xmpp.org
Subject: Re: [Standards] v1.1rc1 of XEP-0178 (Best Practices for Use of SASL EXTERNAL with Certificates)

On 9/28/10 11:49 PM, Philipp Hancke wrote:
> Peter Saint-Andre wrote:
>> I've made some provisional updates to XEP-0178, reflecting changes 
>> from draft-ietf-xmpp-3920bis and draft-saintandre-tls-server-id-check.
> The process of validating the certificate is slightly different from 
> what is described in draft-saintandre-tls-server-id-check. This is not 
> surprising given that we want to check a client-id, not a server-id.
> I think the difference can be described as an alternative way to 
> construct the reference identifier (section 4.2 in the draft), which 
> is supplied by the client (or peer server) in the stream's from 
> attribute (step 7, c2s or s2s).

Yes, good point. We'll need to work on that!

>> http://xmpp.org/extensions/tmp/xep-0178-1.1.html
>> Your feedback is welcome!
> "Server2 considers EXTERNAL" in s2s step 10 should be Server1 actually.

Fixed in my working copy.


Peter Saint-Andre
