On 5/17/15 9:55 AM, Kim Alvefur wrote:
> Hello list!

Hi Zash!

> Georg Lukas noted that section 4.1 says, in the context of XMPP, to use
> to='xmpp23.hosting.example.net' in the stream header, as that is the
> "functional equivalent" of SNI in XMPP. However, that conflicts with
> the current semantics of 'to' being the service domain name to the
> server host name. That will break many, if not all, deployed servers.
> The server should know what certificate to use for the indicated domain
> name.
>
> http://tools.ietf.org/html/draft-ietf-dane-srv-14#section-4.1

Hmm.

First, all draft-ietf-dane-srv says is that you don't need to use SNI in
XMPP because we already have a way for the TLS client to specify which
domain name it expects of the TLS server, i.e., the 'to' address of the
initial stream header.

Second, draft-ietf-xmpp-dna is the document that specifies the behavior
of XMPP entities. So IMHO this is a topic for the XMPP WG list, not the
DANE WG list. I'll forward this message to that list and continue the
conversation there. :-)

Peter

--
Peter Saint-Andre
https://andyet.com/