On Tue May 13 17:16:39 2008, Shumon Huque wrote:
> I personally think we want to encourage the use of a generalized
> name form rather than an XMPP specific one. It will be much
> easier to get commercial CAs and other entities down the road
> to issue certs with general purpose extensions.

Kind of - I'd prefer that certificates intended to be used as authorization to act as a particular jid should use id-on-xmppAddr.

XMPP Peer/Server identification is a particular case of this, but can also be treated as a general form of SRV based lookup and authentication, so either is probably useful in this case. Note that servers using RFC 4985 would either require different certificates on C2S and S2S ports, or else use a certificate with at least two SRVNames.

My (cynical) bet is that obtaining a single certificate with multiple SRVNames will be just as hard/expensive/annoying as it is to obtain a certificate with id-on-xmppAddr in - if for no other reason than the commercial CAs will spot a way of making more money by forcing you to get two certificates for the price of two, whereas the xmppAddr style is at least usable for all XMPP-related purposes, including C2S client authentication.

Dave.
--
Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED]
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
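
The coverage difference between the two name forms discussed in this message, as an added example that is not part of the original post. It assumes the subjectAltName otherName entries have already been decoded into (OID, string) pairs; the function names and sample certificates are constructed for illustration, and the ASCII lowercase comparison is a simplification of real JID and domain comparison.

```python
# OIDs of the two subjectAltName otherName forms compared in the thread.
ID_ON_XMPPADDR = "1.3.6.1.5.5.7.8.5"  # id-on-xmppAddr (RFC 3920)
ID_ON_DNSSRV = "1.3.6.1.5.5.7.8.7"    # id-on-dnsSRV, i.e. SRVName (RFC 4985)

SERVICES = ("xmpp-client", "xmpp-server")  # C2S and S2S SRV service labels


def cert_matches(other_names, service, domain):
    """Return which name form identifies `domain` for `service`, or None.

    other_names: (oid, value) pairs already decoded from the certificate.
    Assumption: plain ASCII case folding stands in for IDNA/stringprep rules.
    """
    want_srv = "_%s.%s" % (service, domain.lower())  # SRVName is "_Service.Name"
    for oid, value in other_names:
        value = value.lower()
        if oid == ID_ON_DNSSRV and value == want_srv:
            return "SRVName"          # valid for this one service only
        if oid == ID_ON_XMPPADDR and value == domain.lower():
            return "xmppAddr"         # not tied to a service label
    return None


def ports_covered(other_names, domain):
    """Map each XMPP service to the name form that covers it (or None)."""
    return {svc: cert_matches(other_names, svc, domain) for svc in SERVICES}


def authorizes_jid(other_names, jid):
    """C2S client authentication: only xmppAddr can carry a user JID."""
    return any(oid == ID_ON_XMPPADDR and value.lower() == jid.lower()
               for oid, value in other_names)


# Constructed sample certificates (decoded otherName lists, not real certs).
ONE_SRV = [(ID_ON_DNSSRV, "_xmpp-server.example.com")]
TWO_SRV = ONE_SRV + [(ID_ON_DNSSRV, "_xmpp-client.example.com")]
XMPP_ADDR = [(ID_ON_XMPPADDR, "example.com")]
CLIENT = [(ID_ON_XMPPADDR, "juliet@example.com")]

if __name__ == "__main__":
    for label, names in (("one SRVName", ONE_SRV), ("two SRVNames", TWO_SRV),
                         ("xmppAddr", XMPP_ADDR)):
        print(label, ports_covered(names, "example.com"))
    print("client cert:", authorizes_jid(CLIENT, "juliet@example.com"))
```

A certificate with a single SRVName validates on only one of the two ports, which is why the message says a server needs either two certificates or two SRVNames.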
