On 2008-02-26 00:00, Alexander Gnauck wrote:
> Jefferson Ogata wrote:
>> How, exactly, do you know? I.e. what specific prenegotiation informs the XMPP server which domain certificate to use? Traditional STARTTLS (e.g. in ESMTP and LDAP), AFAIK, has no such provision; this would have to be an XMPP-specific augmentation.
>
> from the stream header which gets sent before TLS is established.

Interesting. So you're saying the server looks at the @to attribute in <stream> and chooses a certificate based on that value?

>> And how useful is this? The traditional place where polymorphic certificates have been desired is in HTTP servers, where running multiple SSL services requires an IP for each.
>
> You can host unlimited vhosts on the same IP with StartTLS which is a big advantage. XMPP is much nicer in this scenario than HTTP is.

Yes, it's an advantage. The size of the advantage varies with the IP space available to the server operator and the number of domains to be supported.

>> Do people actually do this with XMPP as well? Often?
>
> yes they do

Can you name two? I would be interested in examining this behavior.

Do servers supporting multiple certificates send server-to-server messages internally when a client from one domain sends a message to a client from another domain?

--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
"Never try to retrieve anything from a bear."--National Park Service

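The mechanism under discussion, as an added illustration that is not part of the thread: the client's opening stream header is sent in the clear before STARTTLS, so a server hosting several domains on one IP can read its `to` attribute and pick the matching certificate. The domain-to-certificate mapping and the paths in it are constructed for this example; the regex-based header parsing stands in for the incremental XML parser a real server would use.

```python
import re
from typing import Dict, Optional

# Constructed mapping of hosted domain -> certificate/key bundle path.
# The paths are placeholders for this example, not real files.
VHOST_CERTS: Dict[str, str] = {
    "example.com": "/etc/xmpp/certs/example.com.pem",
    "example.org": "/etc/xmpp/certs/example.org.pem",
}

# The opening <stream:stream ...> tag is not closed until the stream ends,
# so only the start tag is matched; a real server feeds an incremental XML parser.
_STREAM_OPEN = re.compile(r"<(?:stream:)?stream\b([^>]*)>", re.DOTALL)
_ATTR = re.compile(r"""([\w:.-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")


def parse_stream_header(data: str) -> Dict[str, str]:
    """Extract the attributes of the initial stream header sent before STARTTLS.

    Returns {} while the start tag has not been fully received.
    """
    m = _STREAM_OPEN.search(data)
    if m is None:
        return {}
    attrs: Dict[str, str] = {}
    for am in _ATTR.finditer(m.group(1)):
        attrs[am.group(1)] = am.group(2) if am.group(2) is not None else am.group(3)
    return attrs


def select_certificate(header: Dict[str, str],
                       certs: Dict[str, str] = VHOST_CERTS,
                       default: Optional[str] = None) -> Optional[str]:
    """Pick the certificate for the vhost named in the header's 'to' attribute.

    The value is case-folded and a trailing dot removed before lookup. When the
    header names no hosted domain, `default` (None unless given) is returned so
    the caller can refuse STARTTLS rather than present the wrong certificate.
    """
    to = header.get("to", "").strip().rstrip(".").lower()
    if not to:
        return default
    return certs.get(to, default)


if __name__ == "__main__":
    # Constructed client stream header, as it appears on the wire before STARTTLS.
    wire = ('<?xml version="1.0"?>'
            '<stream:stream xmlns="jabber:client" '
            'xmlns:stream="http://etherx.jabber.org/streams" '
            'to="Example.COM" version="1.0">')
    print(select_certificate(parse_stream_header(wire)))
```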