Re: Review of draft-saintandre-tls-server-id-check

2010-09-13 14:22:21
On 9/13/10 1:18 PM, Dave Cridland wrote:
> On Mon Sep 13 19:48:56 2010, Peter Saint-Andre wrote:
> > On 9/13/10 11:05 AM, Dave Cridland wrote:
> > > Looking at the draft, it seems to read that I should check dNSName
> > > first, and then, only if this matches, check xmppAddr or sRVName. This
> > > seems odd - sRVName and xmppAddr (and URI) all contain a superset of the
> > > data contained, so why look at dNSName if a more specific match exists?
> >
> > Earlier versions of this draft had somewhat elaborate rules about
> > ordering of reference identifiers. Those rules were removed in -09
> > because folks on the certid@ietf.org list argued persuasively that they
> > were not necessary because "first match wins" is good enough. Naturally,
> > an implementation might have a preference order of reference
> > identifiers, but such an order is not mandated by this I-D.
>
> Ah, I see my confusion. §4.4 says:
>
> 4.4. Verifying a Domain Name
>
>   The client MUST match the source domain of a reference identifier
>   according to the following rules
>
> And §4.5 says:
>
> 4.5. Verifying an Application Type
>
>   A client SHOULD check not only the domain name but also the service
>   type of the service to which it connects.
>
> Now, I misconstrued that to mean "MUST use dNSName, SHOULD use sRVName",
> which is purely me misreading.
>
> Up to you whether you think other people will be as silly as me, and
> what to do about it if so.

A forward reference seems appropriate:

   The client MUST match the source domain of a reference identifier
   according to the following rules (and SHOULD also check the service
   type as described under Section 4.5).

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
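As an added illustration of the "first match wins" rule and the MUST (domain) versus SHOULD (service type) split discussed in this thread, here is example code written for this page; it is not from the draft or from either correspondent, and the identifier kinds, helper names and sample values are assumptions:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identifier:
    """An identifier as extracted from a certificate (presented) or expected
    by the client (reference). Kinds follow the thread: DNS-ID for dNSName,
    SRV-ID for sRVName, XmppAddr for the XMPP otherName (naming assumed)."""
    kind: str   # "DNS-ID", "SRV-ID" or "XmppAddr"
    value: str  # e.g. "example.com" or "_xmpp-client.example.com"

def srv_parts(value):
    """Split an SRV-ID such as '_xmpp-client.example.com' into
    (service, source domain); return None if it is not well formed."""
    if not value.startswith("_") or "." not in value:
        return None
    service, _, domain = value[1:].partition(".")
    return service, domain

def domain_matches(reference, presented):
    """Exact, case-insensitive comparison of source domains. Wildcards and
    IDNA handling are deliberately out of scope for this illustration."""
    return reference.rstrip(".").lower() == presented.rstrip(".").lower()

def identifier_matches(reference, presented):
    """Compare one reference identifier with one presented identifier."""
    if reference.kind != presented.kind:
        return False
    if reference.kind == "SRV-ID":
        ref, pres = srv_parts(reference.value), srv_parts(presented.value)
        if ref is None or pres is None:
            return False
        # An SRV-ID match verifies both the service type and the domain.
        return ref[0].lower() == pres[0].lower() and domain_matches(ref[1], pres[1])
    return domain_matches(reference.value, presented.value)

def verify_identity(reference_ids, presented_ids):
    """'First match wins': walk the reference identifiers in the client's own
    preference order and return the first presented identifier that matches,
    or None. No ordering is mandated, as the thread notes."""
    for ref in reference_ids:
        for pres in presented_ids:
            if identifier_matches(ref, pres):
                return pres
    return None

def service_type_verified(match):
    """The domain check is the MUST; the application-type check is a SHOULD.
    Only a match on an SRV-ID satisfies the latter in this illustration."""
    return match is not None and match.kind == "SRV-ID"
```

A client that prefers SRV-IDs simply lists them first in its reference identifiers; a DNS-ID-only match is still accepted but reports that the service type was not verified.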

