[jdev] Hosting issues
    Justin Karneges 
    justin-keyword-jabber.093179 at affinix.com
       
    Thu Sep 15 19:44:22 CDT 2005
    
    
  
On Thursday 15 September 2005 04:56 pm, Steven Peterson wrote:
> > The forced host name is not relevant to TLS, just like the IP address
> > that it resolves to.  All that matters is the desired Jabber domain.
> > Users have a bad enough time trying to determine whether or not something
> > is secure, and adding further rules/exceptions would only make it worse.
>
> The rules can be hidden from the user.  If a user forces a server,
> then the client application can accept either the cert for the forced
> server or for the user's domain.

This implies that the forced server is allowed to act as the Jabber domain,
which it isn't.  At the very least this extra trust would have to be
optional.

IMO, this is not worth bothering with, since we already have a better
solution: XMPP OtherName.  We need changes to clients to support either
method, so we may as well do it the right way.

-Justin
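
Added example, not part of the original message or of any client's code: a Python illustration of the identity check debated above, comparing the strict rule (only the Jabber domain is a reference identity) with the relaxed rule (the forced host is also accepted). The function names, the dict layout for parsed certificate identities, the wildcard policy and all host names are assumptions made for the illustration.

```python
# Added example, not from the original thread. Certificate identities are given
# as already-parsed lists; all host and domain names are constructed sample data.

def dns_name_matches(pattern, name):
    """Compare a dNSName with a reference name, label by label.

    Assumed policy: '*' is honoured only as the entire left-most label and
    only when at least two labels follow it.
    """
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == n[1:]
    return p == n

def cert_accepted(cert, jid_domain, forced_host=None, trust_forced_host=False):
    """Return True if the certificate carries an acceptable identity.

    cert: {"xmppAddr": [...], "dNSName": [...]} (xmppAddr is the XMPP
    otherName, id-on-xmppAddr). By default the only reference identity is the
    Jabber domain; forced_host is where the socket connects and is ignored.
    trust_forced_host=True models the relaxed rule proposed in the quoted text.
    """
    references = [jid_domain]
    if trust_forced_host and forced_host:
        references.append(forced_host)
    for ref in references:
        if any(a.lower() == ref.lower() for a in cert.get("xmppAddr", [])):
            return True
        if any(dns_name_matches(d, ref) for d in cert.get("dNSName", [])):
            return True
    return False

# Constructed scenario: example.org is hosted at xmpp.hosting.example.
HOSTER_CERT = {"xmppAddr": [], "dNSName": ["xmpp.hosting.example"]}
DOMAIN_CERT = {"xmppAddr": ["example.org"], "dNSName": []}

if __name__ == "__main__":
    host = "xmpp.hosting.example"
    print(cert_accepted(HOSTER_CERT, "example.org", host))        # strict rule
    print(cert_accepted(HOSTER_CERT, "example.org", host, True))  # relaxed rule
    print(cert_accepted(DOMAIN_CERT, "example.org", host))        # XMPP otherName
```

Under the relaxed rule the hosting provider's own certificate is accepted for example.org, which is the extra trust the message objects to; a certificate naming example.org in xmppAddr passes the strict rule regardless of which host the client was forced to.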
    
    