On Tue Nov 2 22:11:18 2010, zhong ming wu wrote:
> TLS implementations of HTTP/SMTP/IMAP/POP do not work like XMPP in
> this regard

As Simon said, they actually do.

In all cases, the user inputs a required authorization identifier,
and the X.509 certificate presented by the server is checked to
ensure it can be used to authorize that identifier.

In the XMPP case, the user enters the server's jid as part of the
account name they're connecting to.

In the HTTP case, the user enters the server's domain as part of the
URI they're connecting to.

This similarity is being made more explicit, and more uniform, by
Peter Saint-Andre's work within the IETF
(draft-saintandre-tls-server-id-check).

In the case of virtual hosting, things can and do get quite difficult
to usefully provision, which is why technologies like "domain name
assertions" are being looked at within the IETF, too.

Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
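
The check described in the message above, as an added example that is not part of the original post: the reference identifier is derived from what the user typed (a JID or a URI) and must be covered by a dNSName in the server's certificate. The function names, the sample names and the simplified one-label wildcard rule are assumptions of this example, not text from the draft.

```python
from urllib.parse import urlsplit


def reference_id(user_input: str) -> str:
    """Return the domain the user asked for, from a URI or a JID."""
    if "://" in user_input:
        # URI case: the authority's host is the identifier to authorize.
        host = urlsplit(user_input).hostname
    else:
        # JID case: [local@]domain[/resource]; strip resource, then local part.
        bare = user_input.partition("/")[0]
        host = bare.rpartition("@")[2]
    if not host:
        raise ValueError("no domain in %r" % user_input)
    return host.lower().rstrip(".")


def name_matches(presented: str, reference: str) -> bool:
    """Compare one certificate dNSName against the reference identifier."""
    p = presented.lower().rstrip(".").split(".")
    r = reference.split(".")
    if len(p) != len(r):
        return False
    if p[0] == "*":
        # Assumption: a wildcard stands for exactly one left-most label
        # and is refused directly under a top-level label ("*.com").
        return len(p) > 2 and p[1:] == r[1:]
    return p == r


def server_authorized(user_input: str, cert_dns_names: list) -> bool:
    """True if any presented dNSName authorizes what the user typed."""
    ref = reference_id(user_input)
    return any(name_matches(name, ref) for name in cert_dns_names)


if __name__ == "__main__":
    # Constructed sample data; none of these names come from the thread.
    cases = [
        ("juliet@example.com/balcony", ["example.com"]),
        ("https://www.example.com/index.html", ["*.example.com"]),
        # Virtual hosting: the host's own certificate does not cover the
        # customer domain the user typed, so the check fails.
        ("romeo@example.org", ["xmpp.hosting.example"]),
    ]
    for typed, names in cases:
        print(typed, names, server_authorized(typed, names))
```

The third case is the virtual-hosting provisioning problem: the comparison is against the domain the user entered, not the host name the client ended up connecting to.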