On Mon Sep 13 19:48:56 2010, Peter Saint-Andre wrote:
On 9/13/10 11:05 AM, Dave Cridland wrote:
> Looking at the draft, it seems to read that I should check dNSName
> first, and then, only if this matches, check xmppAddr or sRVName. This
> seems odd - sRVName and xmppAddr (and URI) all contain a superset of the
> data contained, so why look at dNSName if a more specific match exists?

Earlier versions of this draft had somewhat elaborate rules about
ordering of reference identifiers. Those rules were removed in -09
because folks on the certid@xxxxxxxx list argued persuasively that they
were not necessary because "first match wins" is good enough. Naturally,
an implementation might have a preference order of reference
identifiers, but such an order is not mandated by this I-D.

Ah, I see my confusion. §4.4 says:
4.4. Verifying a Domain Name
The client MUST match the source domain of a reference identifier
according to the following rules
And §4.5 says:
4.5. Verifying an Application Type
A client SHOULD check not only the domain name but also the service
type of the service to which it connects.
Now, I misconstrued that to mean "MUST use dNSName, SHOULD use
sRVName", which is purely me misreading.
Up to you whether you think other people will be as silly as me, and
what to do about it if so.
Dave.
--
Dave Cridland - mailto:dave@xxxxxxxxxxxx - xmpp:dwd@xxxxxxxxxxxxxxxxx
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
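
The "first match wins" reading discussed in this thread, as an added Python sketch that is not part of the original messages or of the draft. The `(type, value)` tuples, the function names and the sample identifiers are assumptions made for illustration; wildcards and internationalized names are not handled, and xmppAddr is treated as a domain-only address.

```python
from typing import Iterable, List, Optional, Tuple

Identifier = Tuple[str, str]  # (type, value), e.g. ("dNSName", "example.com")

def _norm_domain(name: str) -> str:
    """Comparison form for an ASCII domain name (case-insensitive)."""
    return name.rstrip(".").lower()

def _split_srv(value: str) -> Tuple[str, str]:
    """Split '_xmpp-client.example.com' into (service type, domain)."""
    service, _, domain = value.partition(".")
    return service.lower(), _norm_domain(domain)

def identifiers_match(ref: Identifier, presented: Identifier) -> bool:
    """True if one presented identifier satisfies one reference identifier."""
    (rtype, rval), (ptype, pval) = ref, presented
    if rtype != ptype:
        return False
    if rtype == "sRVName":
        # The domain and the service type must both agree.
        return _split_srv(rval) == _split_srv(pval)
    # dNSName, and xmppAddr assumed to be domain-only: compare the domain.
    return _norm_domain(rval) == _norm_domain(pval)

def first_match(references: Iterable[Identifier],
                presented: List[Identifier]) -> Optional[Identifier]:
    """Return the first reference identifier that any presented one satisfies.

    The order of `references` is the client's own preference; no
    identifier type has to match before another is considered.
    """
    for ref in references:
        if any(identifiers_match(ref, p) for p in presented):
            return ref
    return None

# Constructed sample data: a client connecting to example.com for XMPP c2s.
REFERENCES = [("sRVName", "_xmpp-client.example.com"),
              ("xmppAddr", "example.com"),
              ("dNSName", "example.com")]
CERT_DNS_AND_S2S = [("dNSName", "Example.COM"),
                    ("sRVName", "_xmpp-server.example.com")]
CERT_SRV_ONLY = [("sRVName", "_xmpp-client.example.com")]
CERT_OTHER = [("dNSName", "other.example")]

if __name__ == "__main__":
    for cert in (CERT_DNS_AND_S2S, CERT_SRV_ONLY, CERT_OTHER):
        print(first_match(REFERENCES, cert))
```

The second sample certificate carries no dNSName at all and is still accepted on its sRVName, while the first is accepted on dNSName only because its sRVName names a different service type.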