Hello, Peter Saint-Andre suggested that I move a discussion we've been having on the Adium Developer's mailing list here, regarding XMPP's certificate validity checking algorithm.
Here is the original set of issues that I brought up:

http://adiumx.com/pipermail/adium-devl_adiumx.com/2008-February/004601.html

And the current sensible consensus on what to check in the certificate is:

1. If client/server software explicitly specifies the server hostname to connect to, use that hostname in the certificate check.
2. If not, use the domain identifier portion of the JID.

In a later message in the same thread, I brought up the additional possibility of using RFC 4985 to perform certificate checks:

http://adiumx.com/pipermail/adium-devl_adiumx.com/2008-February/004626.html

Does anyone have thoughts on these issues/suggestions?

Thanks!

---
Shumon Huque 3401 Walnut Street, Suite 221A, Network Engineering Philadelphia, PA 19104-6228, USA. Information Systems & Computing (215)898-2477, (215)898-9348 (Fax) University of Pennsylvania / MAGPI. E-mail: shuque -at- isc.upenn.edu
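The two-step rule in the message above, plus an RFC 4985 SRVName comparison, as an added example (not code from the message, from Adium, or from any XMPP library). The function names, the `(type, value)` SAN representation, the single-label wildcard rule, and binding SRVName to the JID domain are assumptions of this sketch; the host names are constructed.

```python
# Added illustration: all names and sample certificates here are constructed.

def jid_domain(jid):
    """Domain identifier of a JID written as local@domain/resource."""
    bare = jid.split("/", 1)[0]            # drop the resource first; it may contain '@'
    domain = bare.split("@", 1)[-1]
    if not domain:
        raise ValueError("JID has no domain part")
    return domain.rstrip(".").lower()

def reference_host(jid, explicit_host=None):
    """Rule 1: an explicitly configured hostname. Rule 2: the JID domain.
    A name learned from a DNS SRV lookup never becomes the reference."""
    if explicit_host:
        return explicit_host.rstrip(".").lower()
    return jid_domain(jid)

def dns_name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most
    label and covers exactly one label (assumed policy)."""
    pattern = pattern.rstrip(".").lower()
    if pattern == host:
        return True
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return False

def certificate_acceptable(san, jid, explicit_host=None, service="xmpp-client"):
    """san: list of (type, value) pairs already decoded from subjectAltName."""
    host = reference_host(jid, explicit_host)
    srv_name = "_%s.%s" % (service, jid_domain(jid))   # RFC 4985: _Service.Name
    for kind, value in san:
        if kind == "dNSName" and dns_name_matches(value, host):
            return True
        if kind == "SRVName" and value.rstrip(".").lower() == srv_name:
            return True
    return False

# Constructed case: example.com is hosted on talk.hosting.example.net.
HOSTED_CERT = [("dNSName", "talk.hosting.example.net")]
SRV_CERT = [("SRVName", "_xmpp-client.example.com")]

if __name__ == "__main__":
    jid = "alice@example.com/desk"
    print(certificate_acceptable(HOSTED_CERT, jid))                              # rule 2
    print(certificate_acceptable(HOSTED_CERT, jid, "talk.hosting.example.net"))  # rule 1
    print(certificate_acceptable(SRV_CERT, jid))                                 # SRVName
```

The hosted-domain certificate is accepted only when the user explicitly configured that host, while the SRVName certificate is accepted for the JID domain and for the named service only.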
