-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 11/06/2015 05:28 AM, Georg Lukas wrote: > So lets assume I want to connect as [email protected] and the SRV > record is > > _xmpp-client._tls.example.com. IN SRV 5 1 443 xmpp.example.com. > > My client then makes a TCP connection to xmpp.example.com:443, > requests xmpp.example.com via SNI, and the server is expected to > return the certificate for example.com instead, which the client > verifies? > > If this is the desired behavior, it must be stated VERY CLEARLY in > the XEP, as it is very unintuitive.
Yes that's exactly how I intended it to work. The server operator would know which domain to serve which certificate for because they set it up that way. The plus side being this gives the server an easy way to route traffic (as opposed to just example.com being sent) and I can't see any negatives. It would make sense to explain it better and more thoroughly. Travis -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQQcBAEBCgAGBQJWPKf3AAoJEOy5uMuqxowDG8kgAJWTJ3LhX0DbMQ4cQVSBbHhS h5mCfY3ZDdNO5Q5UyIOJTEG7W6hcZ2KonfPVioyBqW8ojfyHjdxPSueE9gnqU3iB yBbbBB7NVmhiRnKKt1p3A9XlVFBDbEroMlC34tAIFD+63x1rpmeWgLf+mnck29W6 wKEdXk03Kkj9IX/chqKavhFy8+/M0Lnc7FVzqi09wN7fMb0Y3jreha6EDhSko+Y1 JgPECEr/chkaqvgYVKkZ8t2q8xUrhdKRunurKePXx8pHohgPjNbICLkRHoHvon3l 1bt+rnLqn37eyxllu/1prRZ2MRQ+WAOwSyLEfpPr0e2SVgUVPJinfXvBv0lzwOma NA+Bf7IGdHNYcUWecmwX1nhBeS9/k70TzzhvefE4Ovw0seCljyftsdr+j90q7D49 wzWKFUqrTvaWjuN03mY4jg0FzreuI5u6WChRXIZcwnRBcDCcBZRp1QpL4O+XDBdm pDHkwk48AIggCyFr5uHou4U0lsExNlDQJtu+p4W3miDUe7R2wLWXMeNjue0v8doY CesiH11A5n2oEAoxQ40elBB4XfyVT/fcHKbFlcjUDYyNJPIjVF8hcjYgQ2xCxGLz uhnCXUHhRlJ5SQ3ngOgFrksQoGCXp2hhaYOBbLrHnh0+g00gqNLsAmT7f3eK/M2s t422tBZeD00Q7cwlIDBLhS4qBfJCCELJC481spla/cdDCrM8SaSRFJsZOa+a7Bw5 w/yBniCqvtQMGEDFjf7Xb4TEWYfN7y+4gXZqUnZ6VLAByn/SMpftTTydvoG8e+hl tO6tY/qbqpdqtpg3kxvY6ZEkoXpI+DTnVMPMKebMykzSvby/RcJv5vbZpgL2kAre ndxkGhBmizGk9MO60DWh4S8zJMQ2vdcl9Wa8pIzyIqdQIaC6GgB0KZ8/tDyZx2Rb LEK+hphHmXSQZlbX3g+0PZOH+Om1tLrHrvxqnN9jtg6xWwqj3eAZSC0sVO3YZIBX dVBcZKOSJSLkBDrAmNxAyD1gJ9EQMcBkbI4KkAXLQWaxwpVWLpqB9cDoJ8luW7/m gIBMKFPFQKR/1IKimK36IgWhB0fw5yCHmcqqEsF3M2qCUrpUt7hTXOEWY8t8dxqk L6dIFwynVvxyDXyNdTtGx8Is3pMUfjY0pOBBqBPT/gOW2B67Hinsutu0uIWyDBuW HMvwWrNLmseUAA4qbYVigu0LY4BG/hqRsBKyjIGw9qacmA1TbK3MDcGf7jvFZONW svMd359fEKmUMkgF3hspd2Jdki2CJB/hD/Ics5pQyst26iIngXYjmfcUb9WVp+Me iI+8d615KwH7WU5Hm4mW4hjOnJEPIYIAp+KhMwlKJ+YP+6lNN1+oBfo9OF73d8A= =Ev6e -----END PGP SIGNATURE-----
