Re: [mile] Benjamin Kaduk's Discuss on draft-ietf-mile-xmpp-grid-09: (with DISCUSS and COMMENT)

Alexey Melnikov <> Thu, 24 January 2019 12:04 UTC

From: Alexey Melnikov <>
To: Benjamin Kaduk <>, The IESG <>
Date: Thu, 24 Jan 2019 12:04:31 +0000

Hi Benjamin,

Thank you for your comments.

I will let the editors reply to your comments, but I will quickly comment on one part of your DISCUSS:

On Thu, Jan 24, 2019, at 3:59 AM, Benjamin Kaduk wrote:
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> In the vein of Alissa's comments, I think this document does not adequately
> present the normative requirements for an implementation of the "XMPP
> Grid".  As far as I can tell, these requirements are just relating to the
> communications security measures used to protect XMPP traffic, per Section
> 8.3.  (Adhering to the MTI and MTN requirements of RFC 6120 does not seem
> like a new requirement.)  The main bulk of the document consists of
> examples that show how to use standard XMPP functionality to discover
> pubsub streams that convey data (types) that are of relevance for the types
> of behavior that MILE is interested in (e.g., security incident reporting
> and discovery), with inline mention of which XMPP features are used to
> negotiate and discover the streams in question.  (Several of my comments
> are related to this Discuss point.)

I think you and Alissa are right that the document needs to be clearer on whether it just relies on RFC 6120 and various XEP requirements or whether it adds any of its own.

> I also think this document does not adequately justify restricting to just
> the EXTERNAL and SCRAM families of SASL mechanisms;

I want to push back on this. The document is adding a new requirement on top of what RFC 6120 requires; this is effectively new mandatory-to-implement SASL mechanisms for using XMPP with grids. Ideally this would be a single SASL mechanism, but I think one password-based and one X.509-based is a good compromise here.

> there are other
> mechanisms in use that provide equivalent or better security properties,
> and this sort of unjustified restriction is detrimental to the evolution of
> the Internet.

Let's not exaggerate here. If you want to suggest one or two alternative choices for mandatory to implement SASL mechanism for XMPP grids, I think you need to make a better argument in front of the WG.

> The current requirements on SASL mechanisms also seem inconsistent with the
> claims in the threat model that the controller can obtain credentials to
> allow impersonation of platforms; RFC 5802 (SCRAM) is quite explicit that
> "The server does not gain the ability to impersonate the client to other
> servers", and my understanding is that usage of EXTERNAL is generally not
> susceptible to this threat.  (A bit more discussion in the COMMENT section.)

I agree that this needs to be reviewed.

Best Regards,
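The RFC 5802 property quoted in the DISCUSS above ("the server does not gain the ability to impersonate the client to other servers") comes directly from how SCRAM derives its keys. The following is an added illustration, not code from this thread, the draft, or any XMPP implementation: a minimal SCRAM-SHA-256 key derivation and proof check that shows what a server actually learns during verification, and why that is only useful against a second server if both servers share the same salt and iteration count (the exception RFC 5802 itself notes). The AuthMessage strings and the password are constructed placeholders; real SCRAM builds AuthMessage from the client-first-bare, server-first and client-final-without-proof messages, and the ServerKey/ServerSignature half of the exchange is omitted since it is not needed for this point.

```python
"""SCRAM-SHA-256 key derivation (RFC 5802 / RFC 7677) used to show the
impersonation boundary: a verifying server recovers ClientKey, which is
bound to that server's salt and iteration count, not to the password."""
import hashlib
import hmac
import os
from typing import Optional

HASH = "sha256"  # SCRAM-SHA-256; the construction is identical for SHA-1


def hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Hi() from RFC 5802 section 2.2 is PBKDF2-HMAC with dkLen = hash length."""
    return hashlib.pbkdf2_hmac(HASH, password, salt, iterations, dklen=32)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_client_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """ClientKey := HMAC(SaltedPassword, "Client Key")."""
    salted_password = hi(password, salt, iterations)
    return hmac.new(salted_password, b"Client Key", HASH).digest()


class ScramServer:
    """Stores only what RFC 5802 allows a server to keep for a user:
    salt, iteration count and StoredKey = H(ClientKey). The password is
    discarded after enrolment (the ServerKey is omitted here)."""

    def __init__(self, password: bytes, iterations: int = 4096,
                 salt: Optional[bytes] = None):
        self.salt = salt if salt is not None else os.urandom(16)
        self.iterations = iterations
        client_key = derive_client_key(password, self.salt, iterations)
        self.stored_key = hashlib.sha256(client_key).digest()

    def verify(self, auth_message: bytes, client_proof: bytes) -> Optional[bytes]:
        """Check ClientProof as in RFC 5802 section 3. On success, return the
        ClientKey the server necessarily recovers while verifying."""
        client_signature = hmac.new(self.stored_key, auth_message, HASH).digest()
        client_key = xor_bytes(client_proof, client_signature)
        if hmac.compare_digest(hashlib.sha256(client_key).digest(), self.stored_key):
            return client_key
        return None


def client_proof(password: bytes, server: ScramServer, auth_message: bytes) -> bytes:
    """Legitimate client: ClientProof := ClientKey XOR ClientSignature."""
    client_key = derive_client_key(password, server.salt, server.iterations)
    stored_key = hashlib.sha256(client_key).digest()
    client_signature = hmac.new(stored_key, auth_message, HASH).digest()
    return xor_bytes(client_key, client_signature)


def forge_proof(recovered_client_key: bytes, auth_message: bytes) -> bytes:
    """The only thing a server can do with a recovered ClientKey: reuse it as
    if it were the ClientKey the target server expects."""
    stored_key = hashlib.sha256(recovered_client_key).digest()
    client_signature = hmac.new(stored_key, auth_message, HASH).digest()
    return xor_bytes(recovered_client_key, client_signature)


def impersonation_possible(password: bytes, server_a: ScramServer,
                           server_b: ScramServer) -> bool:
    """Client logs in to A; A then replays what it learned against B."""
    # Constructed AuthMessage values (nonces differ per exchange in real SCRAM).
    auth_a = b"constructed-auth-message-for-server-A"
    recovered = server_a.verify(auth_a, client_proof(password, server_a, auth_a))
    assert recovered is not None, "legitimate login to A must succeed"
    auth_b = b"constructed-auth-message-for-server-B"
    return server_b.verify(auth_b, forge_proof(recovered, auth_b)) is not None


PASSWORD = b"constructed-example-password"


def demo() -> tuple:
    """Returns (distinct salts -> impersonation?, shared salt -> impersonation?)."""
    a = ScramServer(PASSWORD, salt=b"salt-of-server-A")
    b_distinct = ScramServer(PASSWORD, salt=b"salt-of-server-B")
    b_shared = ScramServer(PASSWORD, salt=a.salt)  # misconfiguration: salt reused
    return (impersonation_possible(PASSWORD, a, b_distinct),
            impersonation_possible(PASSWORD, a, b_shared))


if __name__ == "__main__":
    print(demo())  # (False, True)
```

The defensive takeaway for an XMPP grid deployment is that the SCRAM property holds only when each server (or controller) picks its own random salt per user; a shared salt and iteration count across servers collapses the guarantee, so a threat model that credits the controller with impersonating platforms must say which configuration it assumes.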