On 2015-05-19 00:03, Peter Saint-Andre - &yet wrote:
> On 5/17/15 9:55 AM, Kim Alvefur wrote:
>> Hello list!
>
> Hi Zash!
>
>> Georg Lukas noted that section 4.1 says, in the context of XMPP, to use
>> to='xmpp23.hosting.example.net' in the stream header, as that is the
>> "functional equivalent" of SNI in XMPP. However, that conflicts with
>> the current semantics of 'to' being the service domain name to the
>> server host name. That will break many, if not all, deployed servers.
>> The server should know what certificate to use for the indicated domain
>> name.
>>
>> http://tools.ietf.org/html/draft-ietf-dane-srv-14#section-4.1
>
> Hmm.
>
> First, all draft-ietf-dane-srv says is that you don't need to use SNI in
> XMPP because we already have a way for the TLS client to specify which
> domain name it expects of the TLS server, i.e., the 'to' address of the
> initial stream header.

What I tried to say was that this sentence in the draft is confusing and/or
wrong in the context of XMPP:

    SRV is secure: [...] The target server host name is the preferred
    name for TLS SNI or its equivalent.

> Second, draft-ietf-xmpp-dna is the document that specifies the behavior
> of XMPP entities. So IMHO this is a topic for the XMPP WG list, not the
> DANE WG list. I'll forward this message to that list and continue the
> conversation there.

Right, dane-srv doesn't have authority over XMPP specifics.

Thanks :)

-- 
Kim "Zash" Alvefur
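The following is an added worked example, not code from the thread, the draft, or any XMPP server: it models the point under discussion, that an XMPP server routes an incoming stream (and picks its certificate) by the service domain carried in the stream header's 'to' attribute, so a client that follows the draft sentence literally and puts the SRV target host name there is rejected as an unknown host. The SRV record, the virtual-host table and the certificate names are constructed for illustration; the hosting name is the one from the thread.

```python
"""Added example (not from the thread or any XMPP implementation):
the stream header's 'to' attribute must carry the XMPP service domain,
not the SRV target host name.

All DNS data, virtual hosts and certificate names below are constructed.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Constructed SRV lookup result: the service domain example.com delegates
# its XMPP service to a machine at a hosting provider.
SRV_RECORDS = {
    "_xmpp-client._tcp.example.com": "xmpp23.hosting.example.net",
}

# Constructed server-side configuration of that hosting machine: several
# virtual hosts, keyed by the service domain the server expects in 'to',
# each with the names present in the certificate it would present.
VIRTUAL_HOSTS = {
    "example.com": {"cert_names": ["example.com", "*.example.com"]},
    "example.org": {"cert_names": ["example.org"]},
}


def resolve_srv(service_domain):
    """Return the SRV target host for the client service of service_domain."""
    return SRV_RECORDS.get(f"_xmpp-client._tcp.{service_domain}")


def stream_header(to_domain):
    """Initial XMPP stream header (RFC 6120, section 4.7) addressed to to_domain."""
    return (
        "<?xml version='1.0'?>"
        "<stream:stream xmlns='jabber:client' "
        "xmlns:stream='http://etherx.jabber.org/streams' "
        f"to={quoteattr(to_domain)} version='1.0'>"
    )


def parse_to(header):
    """Extract 'to' the way a server's stream parser would.

    The header is an unterminated open tag, so a closing tag is appended to
    make it a parseable document.
    """
    root = ET.fromstring(header + "</stream:stream>")
    return root.get("to")


def server_select_vhost(header):
    """Server side: route the stream to the virtual host named in 'to' and
    return the names of the certificate it would use. None means the server
    knows no such host; a real server answers that with a <host-unknown/>
    stream error (RFC 6120, section 4.9.3.6)."""
    vhost = VIRTUAL_HOSTS.get(parse_to(header))
    return None if vhost is None else vhost["cert_names"]


def connect(service_domain, to_follows_srv_target=False):
    """Client side: resolve SRV, then open a stream to the target.

    By default 'to' is the service domain, which is what deployed servers
    expect. With to_follows_srv_target=True the SRV target host name is put
    in 'to' instead, reading the draft sentence literally.
    """
    target = resolve_srv(service_domain)
    to_name = target if to_follows_srv_target else service_domain
    header = stream_header(to_name)
    return {
        "tcp_peer": target,
        "to": to_name,
        "cert_names": server_select_vhost(header),
    }


if __name__ == "__main__":
    for literal in (False, True):
        result = connect("example.com", to_follows_srv_target=literal)
        print(f"to={result['to']!r:35} -> cert_names={result['cert_names']}")
```

Run as a script, the first line shows the server finding the example.com virtual host and its certificate; the second shows that 'to' set to the SRV target name matches no virtual host at all, which is the breakage the message describes.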
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
