XMPP Extensions Editor schrieb:
The XMPP Extensions Editor has received a proposal for a new XEP.
Title: Client Certificate Management for SASL EXTERNAL
Abstract: This specification defines a method to manage client certificates
that can be used with SASL External to allow clients to log in without a
password.
URL: http://www.xmpp.org/extensions/inbox/sasl-external-cert-handling.html
The XMPP Council will decide at its next meeting whether to accept this
proposal as an official XEP.
why does the client generate the certificate? Sending a CSR to the
server and signing it there (which may take a long time) seems
easier from the certificate managment point of view. And it results
in a certificate signed by an entity that the server trusts.
Philipp
