Re: [dane] DANE XMPP s2s implementation

Viktor Dukhovni <> Mon, 10 March 2014 16:14 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 299B11A0535 for <>; Mon, 10 Mar 2014 09:14:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NCorxV5C2WR6 for <>; Mon, 10 Mar 2014 09:14:06 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 879BC1A04CD for <>; Mon, 10 Mar 2014 09:13:58 -0700 (PDT)
Received: by (Postfix, from userid 1034) id 006B32AAB42; Mon, 10 Mar 2014 16:13:50 +0000 (UTC)
Date: Mon, 10 Mar 2014 16:13:50 +0000
From: Viktor Dukhovni <>
Message-ID: <>
References: <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dane] DANE XMPP s2s implementation
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 10 Mar 2014 16:14:21 -0000

On Mon, Mar 10, 2014 at 03:50:17PM +0100, Kim Alvefur wrote:

> It's currently only doing DANE-EE and PKIX-EE.

I would recommend that, as with the SMTP draft, the XMPP community
choose a subset of the DANE usages to support.  Either 0/1 or 2/3,
but not both.  By choosing both you get the weakest security, and
the maximal deployment friction (everyone needs to deploy and trust
the same set of CAs).

So it makes more sense to implement just one of DANE-EE or PKIX-EE,
with a plan to later add one of DANE-TA or PKIX-TA respectively.

> The TA variants are
> trickier, especially DANE-TA, so I have left them out for now.

Indeed, especially for DANE-TA, it makes sense to wait until the
underlying TLS toolkits: OpenSSL, NSS, GnuTLS, ... support DANE
trust chain verification and name checks (integrated with trust
validation because DANE-EE obviates name checks, while DANE-TA
requires them).

Though IIRC the XMPP draft currently just defers all the DANE
language to the SRV draft, it may at some point make sense to be
more explicit about XMPP-specific choices, unless the SRV draft is
modified to define a set of profiles, one of which exactly matches
the requirements of XMPP.

> It also includes an attempt at doing something for authenticating the
> client certificate on incoming connections, by looking for a TLSA record
> at the same name as for SRV, eg  Comments
> about this would be appreciated.

I encourage you to discuss this with the XMPP draft authors,  I
asked this very question informally and was told that client
certificate verification was somehow accomplished via callbacks.

If it is reasonable to require the outbound XMPP clients for a
domain to possess the same private keys and certificates as the
inbound servers, then your approach may reasonable.  Though you
likely end up taking the union of the TLSA records for all servers,
rather than just the specific server you connect to when validating
a connection to a server.

I would suggest a less ad-hoc strategy for authenticating clients,
perhaps a lookup key for TLSA records at: IN TLSA ...

if client certificates are to be used with XMPP to authenticate
the client domain.  (Neither _port nor _proto make much sense for
clients, the client is not a fixed transport end-point).