[dane] DANE-SRV, SNI functional equivalent and XMPP
Kim Alvefur <zash@zash.se> Sun, 17 May 2015 16:55 UTC

Hello list!

Georg Lukas noted that section 4.1 says, in the context of XMPP, to use to='xmpp23.hosting.example.net' in the stream header, as that is the "functional equivalent" of SNI in XMPP.

However, that conflicts with the current semantics of 'to' being the service domain name to the server host name. That will break many, if not all, deployed servers. The server should know what certificate to use for the indicated domain name.

http://tools.ietf.org/html/draft-ietf-dane-srv-14#section-4.1

--
Kim "Zash" Alvefur