mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-28 04:02:20 -05:00
0.4
git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@230 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
parent
a5ac589767
commit
9598e79416
14
xep-0178.xml
@ -22,6 +22,12 @@
|
|||||||
<shortname>N/A</shortname>
|
<shortname>N/A</shortname>
|
||||||
&stpeter;
|
&stpeter;
|
||||||
&pgmillard;
|
&pgmillard;
|
||||||
|
<revision>
|
||||||
|
<version>0.4</version>
|
||||||
|
<date>2006-11-27</date>
|
||||||
|
<initials>psa</initials>
|
||||||
|
<remark><p>Modified XMPP address encapsulation methods per rfc3920bis; clarified conditions for certificates to be considered acceptable.</p></remark>
|
||||||
|
</revision>
|
||||||
<revision>
|
<revision>
|
||||||
<version>0.3</version>
|
<version>0.3</version>
|
||||||
<date>2006-09-21</date>
|
<date>2006-09-21</date>
|
||||||
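Review bot: The new 0.4 <remark> leaves out two behavioural changes made later in this diff: the server-to-server rule no longer matches "one of the Common Names in the certificates", and it now accepts a dNSName entry that "MAY include the wildcard character '*'". Both change which certificates authenticate, so the revision history should say so. Suggest extending the remark with something like "removed Common Name matching for server-to-server authentication; added dNSName (including wildcard) as a valid address form".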
@ -116,7 +122,7 @@
|
|||||||
<p>Server validates certificate.</p>
|
<p>Server validates certificate.</p>
|
||||||
<ol>
|
<ol>
|
||||||
<li>
|
<li>
|
||||||
<p>If certification authority is untrusted or certificate has been revoked, server closes client's TCP connection.</p>
|
<p>If certificate is unacceptable (e.g., because the certificate has been revoked, because the certificate has expired, or because the root certificate was issued by a certification authority that is untrusted), server closes client's TCP connection.</p>
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<p>Else server completes successful TLS negotiation and client initiates a new stream header to server.</p>
|
<p>Else server completes successful TLS negotiation and client initiates a new stream header to server.</p>
|
||||||
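Review bot: In the rewritten first list item, the reasons are introduced with "e.g.", so the definition of an unacceptable certificate is open-ended and two conforming servers can reach different decisions on the same certificate. Suggest stating the required checks normatively (validity period, revocation status, chain to a trusted root) or citing the validation profile the server is expected to follow. The phrase "the root certificate was issued by a certification authority that is untrusted" is also imprecise, since a root certificate is self-signed; "the certificate chain does not terminate in a trusted root" says what is meant. The list covers expiry but not a certificate whose validity period has not yet started.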
@ -164,7 +170,7 @@
|
|||||||
<p>Server determines whether to allow authenticatation of user.</p>
|
<p>Server determines whether to allow authenticatation of user.</p>
|
||||||
<ol>
|
<ol>
|
||||||
<li>
|
<li>
|
||||||
<p>If the certificate presented by the client contains only one valid XMPP address <note>A valid XMPP address is a JID encapsulated as a subjectAltName with an ASN.1 Object Identifier of "id-on-xmppAddr" (which is equivalent to the dotted display format of "1.3.6.1.5.5.7.8.5").</note> that corresponds to a registered account on the server, the server SHOULD allow authentication of that JID.</p>
|
<p>If the certificate presented by the client contains only one valid XMPP address that corresponds to a registered account on the server, the server SHOULD allow authentication of that JID. For the purpose of client authentication with a server, a valid XMPP address is a JID encapsulated as a subjectAltName entity of type otherName with an ASN.1 Object Identifier of "id-on-xmppAddr" as specified in Section 5.1.1. of <cite>RFC 3920</cite>.</p>
|
||||||
<code><![CDATA[
|
<code><![CDATA[
|
||||||
<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
|
<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
|
||||||
]]></code>
|
]]></code>
|
||||||
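Review bot: The added sentence cites "Section 5.1.1. of RFC 3920", while the 0.4 remark says the encapsulation was changed "per rfc3920bis"; the two should agree, otherwise a reader cannot tell which document defines id-on-xmppAddr for this rule. The same sentence says "subjectAltName entity of type otherName" where the server-to-server paragraph later in this diff says "subjectAltName extension of type otherName"; use "extension" in both. Dropping the dotted form "1.3.6.1.5.5.7.8.5" removes the value implementers actually compare against, so consider keeping it in parentheses. The context line above still reads "authenticatation" and could be fixed in the same commit.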
@ -252,7 +258,7 @@
|
|||||||
<p>Server2 validates certificate.</p>
|
<p>Server2 validates certificate.</p>
|
||||||
<ol>
|
<ol>
|
||||||
<li>
|
<li>
|
||||||
<p>If certification authority is untrusted or certificate has been revoked, Server2 closes Server1's TCP connection.</p>
|
<p>If certificate is unacceptable (e.g., because the certificate has been revoked, because the certificate has expired, or because the root certificate was issued by a certification authority that is untrusted), Server2 closes Server1's TCP connection.</p>
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<p>Else Server2 completes successful TLS negotiation and Server1 initiates a new stream header to Server2.</p>
|
<p>Else Server2 completes successful TLS negotiation and Server1 initiates a new stream header to Server2.</p>
|
||||||
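Review bot: The rewritten list item repeats the client-to-server wording verbatim ("e.g., because the certificate has been revoked, because the certificate has expired, or because the root certificate was issued by a certification authority that is untrusted"), which leaves two copies to keep in sync. Suggest defining an unacceptable certificate once and referring to that definition from both the client and the Server2 steps, so a later tightening of the conditions cannot be applied to one flow and missed in the other.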
@ -301,7 +307,7 @@
|
|||||||
<p>Server2 determines if hostname is valid.</p>
|
<p>Server2 determines if hostname is valid.</p>
|
||||||
<ol>
|
<ol>
|
||||||
<li>
|
<li>
|
||||||
<p>If the authorization identity provided by Server1 matches one of the valid XMPP addresses <note>A valid XMPP address is a JID encapsulated as a subjectAltName with an ASN.1 Object Identifier of "id-on-xmppAddr" (which is equivalent to the dotted display format of "1.3.6.1.5.5.7.8.5").</note> in the certificate or one of the Common Names in the certificates, Server2 SHOULD return success.</p>
|
<p>If the authorization identity provided by Server1 matches one of the valid XMPP addresses in the certificate, Server2 SHOULD return success. For the purpose of server authentication with another server, a valid XMPP address is a JID encapsulated as a subjectAltName extension of type otherName with an ASN.1 Object Identifier of "id-on-xmppAddr" or a domain name (which MAY include the wildcard character '*') encapsulated as a subjectAltName extension of type dNSName.</p>
|
||||||
<code><![CDATA[
|
<code><![CDATA[
|
||||||
<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
|
<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
|
||||||
]]></code>
|
]]></code>
|
||||||
|
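Review bot: The added text allows a dNSName that "MAY include the wildcard character '*'" but gives no matching rules, and wildcard comparison is where certificate checks usually go wrong. Suggest specifying where the wildcard may appear (for example only as the complete left-most label), that it matches exactly one label, and that the comparison against the authorization identity is case-insensitive, so that a certificate for one domain cannot be accepted as another. The paragraph should also say how an authorization identity is compared with an id-on-xmppAddr value versus a dNSName value, since the first is a JID and the second a domain name. Removing "or one of the Common Names in the certificates" means certificates that carry the domain only in the Common Name now fail; a sentence stating that this is intentional would help deployments with existing certificates.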