mmm, strange. I can't think of any good reason to have this except to be able to use transports that do not have dns entries.
On 11/7/05, Tony Finch <[EMAIL PROTECTED]> wrote: > On Sat, 5 Nov 2005, Matthias Wimmer wrote: > > Justin Karneges schrieb: > > > > > > - If the certificate is for "example.com", do you accept this > > > > certificate to be used for "service.example.com" as well? Currently I > > > > don't. But I am not sure if this is correct/intended by RFC3920. > > > > > > You shouldn't. And I don't think XMPP-Core says to do this either. > > > However, given that the draft does mention subdomains in places, maybe we > > > could use a clarification. I personally don't think the word 'subdomain' > > > should exist in the entire draft, but it is there. > > > > I don't really like to allow subdomains either. But it might be handy if you > > do not have to include all services offered by a server into the certificate > > (so you need to get a new certificate whenever you add a service) or get > > separate certificates for all services. > > The specification of subdomain handling in RFC 3920 seems to be completely > broken. I asked about it recently on the mxppwg list and I haven't > received any satisfactory replies. The difficulty of handling TLS > authentication makes it worse... > > http://mail.jabber.org/pipermail/xmppwg/2005-October/002331.html > > Tony. > -- > f.a.n.finch <[EMAIL PROTECTED]> http://dotat.at/ > BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR > GOOD. > -- - Norman Rasmussen - Email: [EMAIL PROTECTED] - Home page: http://norman.rasmussen.co.za/
