Re: [xmpp] Clarification of TLS Identity checking in draft-ietf-xmpp-3920bis

Justin Karneges <justin@affinix.com> Tue, 15 March 2011 00:34 UTC

From: Justin Karneges <justin@affinix.com>
To: xmpp@ietf.org
Date: Mon, 14 Mar 2011 17:35:48 -0700
References: <4D7E61BD.50804@collabora.co.uk> <4D7E9E39.4030900@stpeter.im> <4D7EA525.4050207@babelmonkeys.de>
In-Reply-To: <4D7EA525.4050207@babelmonkeys.de>
Message-Id: <201103141735.48712.justin@affinix.com>
Subject: Re: [xmpp] Clarification of TLS Identity checking in draft-ietf-xmpp-3920bis

On Monday 14 March 2011 16:30:45 Florian Zeitz wrote:
> If a client connects to a server, just knowing the domain to connect to,
> but not the user's JID, what does it put as the 'to' attribute?
> Depending on the answer to Stef Walter's original question that might be
> trivial to answer or not, it's either that very domain, or a domainpart
> that is not actually known to the client.

It's not trivial to answer.  XMPP was designed to allow for virtual hosting.  A physical server being connected to could potentially host many domains, and so you need to tell it which domain you are interested in.  XMPP also doesn't have the concept of a default domain (other than some edge cases around error handling).

Justin
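The virtual-hosting point above, as an added example that is not part of the original thread or of any XMPP implementation: the client names the domain it wants in the stream header's 'to' attribute, the server dispatches on that value with no default domain (an unhosted domain is a host-unknown stream error, not a fallback), and the client checks the server's certificate against that same domain. The domain names, certificate names and function names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

STREAM_NS = "http://etherx.jabber.org/streams"

# Constructed vhost table: domain -> names in the certificate the server
# would present for that virtual host (assumed values, not a real deployment).
VHOSTS = {
    "example.com": ["example.com", "*.example.com"],
    "example.net": ["example.net"],
}


class HostUnknown(Exception):
    """The 'to' domain is not hosted here (XMPP stream error host-unknown)."""


def build_stream_header(to_domain):
    """Client side: 'to' carries the domain the client wants to talk to,
    which is the only thing it knows, not the physical host it resolved."""
    return (f'<stream:stream xmlns="jabber:client" xmlns:stream="{STREAM_NS}" '
            f'to="{to_domain}" version="1.0">')


def parse_to(header):
    """Return the 'to' attribute of a stream header, or None if absent.
    The header is an open tag; close it so ElementTree can parse it."""
    return ET.fromstring(header + "</stream:stream>").get("to")


def select_vhost(header):
    """Server side: dispatch on 'to'. There is no default domain, so a missing
    or unknown value is a stream error rather than a fallback to some vhost."""
    to = parse_to(header)
    if to is None or to not in VHOSTS:
        raise HostUnknown(to)
    return to


def identity_matches(reference, presented):
    """Client side: the reference identifier for the TLS identity check is the
    domain the client put in 'to', compared against the names the server's
    certificate presents. A wildcard covers exactly one leftmost label."""
    ref = reference.lower()
    for name in (n.lower() for n in presented):
        if name == ref:
            return True
        if name.startswith("*.") and "." in ref and ref.split(".", 1)[1] == name[2:]:
            return True
    return False
```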