Today we issued a Last Call regarding XEP-0178: Best Practices for Use of SASL EXTERNAL. This specification is part of our continuing effort to advance the XMPP RFCs to Draft Standard within the IETF.
Although XEP-0178 does not contain any proposed changes to RFC 3920 for inclusion in rfc3920bis, it does document best practices regarding a particular SASL authentication mechanism, in particular the SASL EXTERNAL mechanism as it relates to the X.509 public key infrastructure.
We’ve gained quite a bit of experience with SASL EXTERNAL recently given our launch of an intermediate certification authority for the XMPP network, and XEP-0178 incorporates some lessons learned.
The Last Call ends 2007-02-13, so if you see any problems with the spec send feedback to the standards discussion list.
