Also, step 10 in section 3, xep-0178 conflicts with 3920bis step 9 in section 9.2.2. 178 indicates inclusion of authorization identity matching the from attribute of the server1 to server2 stream element while 3920bis indicates an empty authorization identity.
And steps 9 and 10 of section 2 in 178 should reference 6.3.4 and 6.3.8 rather than 6.2.4 and 6.2.8.

Dave Richards

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Peter Saint-Andre
Sent: Wednesday, September 29, 2010 6:50 PM
To: [email protected]
Subject: Re: [Standards] v1.1rc1 of XEP-0178 (Best Practices for Use of SASL EXTERNAL with Certificates)

On 9/28/10 11:49 PM, Philipp Hancke wrote:
> Peter Saint-Andre wrote:
>> I've made some provisional updates to XEP-0178, reflecting changes
>> from draft-ietf-xmpp-3920bis and draft-saintandre-tls-server-id-check.
>
> The process of validating the certificate is slightly different from
> what is described in draft-saintandre-tls-server-id-check. This is not
> surprising given that we want to check a client-id, not a server-id.
>
> I think the difference can be described as an alternative way to
> construct the reference identifier (section 4.2 in the draft), which
> is supplied by the client (or peer server) in the stream's from
> attribute (step 7, c2s or s2s).

Yes, good point. We'll need to work on that!

>> http://xmpp.org/extensions/tmp/xep-0178-1.1.html
>>
>> Your feedback is welcome!
>
> "Server2 considers EXTERNAL" in s2s step 10 should be Server1 actually.

Fixed in my working copy.

Peter

--
Peter Saint-Andre
https://stpeter.im/
