[jdev] cert handling in xmpp server implementations

[Peter Saint-Andre]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Justin Karneges wrote:
> On Wednesday 24 May 2006 13:46, Peter Saint-Andre wrote:
>> I am working with a certification authority on adding XMPP support to
>> the certificates they issue. My contact there wants to know about how
>> various jabber/xmpp server implementations handle certificates. That is,
>> do the servers operate like Apache (where you install a key, certificate
>> and various CA files) or can they handle pkx files (like IIS or Domain
>> Controllers of the Microsoft type)?
> 
> Speaking for Ambrosia (which is not very relevant, but...), currently PEM 
> files are used, but PKCS#12 files (e.g. pkx) sure are convenient. :)  It is a 
> standard format by the way, not a Microsoft-ism, and OpenSSL has supported it 
> since forever.  I plan to support both methods.
> 
> And that will go for Psi too, when specifying a client cert (something I don't 
> think you mentioned in either thread?).

I haven't started to think about client-side certs much yet, since end
users find them awfully confusing. I think it would be good for clients
to support them, but right now I'm more focused on making sure that both
clients and servers correctly handle server certs (and that we start
using server certs much more widely).

Peter

- --
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEdOLzNF1RSzyt3NURAoUKAKDiBLAiZbDU/kQvLFY80nzm7h0L1ACg41bH
3nyJS57+8Ivu+qMF8aXGJnY=
=Vc3S
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://www.jabber.org/jdev/attachments/20060524/5c312387/attachment-0002.bin>