Am 25.08.2008 um 12:05 schrieb Dirk Meyer:
But where to put the fingerprint? IMHO that is needed to know if we can use that mechanism. The information that the other side supports X.509 is useless when I have no way to verify the key. The only option I see it the 'name':<item jid='urn:xmpp:c2ctls:x509' name='fingerprint'/> Looks kind of strange. On the other hand, the fingerprint is some sort of name of the certificate.
Can you please explain me why you want a fingerprint there? That's totally useless IMO, the server could forge that.
-- Jonathan
PGP.sig
Description: This is a digitally signed message part
