Re: [POSH] Comments/questions on draft-miller-posh-00

Philipp Hancke <fippo@goodadvice.pages.de> Wed, 31 July 2013 07:51 UTC

Message-ID: <51F8C1CE.1010701@goodadvice.pages.de>
Date: Wed, 31 Jul 2013 09:50:38 +0200
From: Philipp Hancke <fippo@goodadvice.pages.de>
To: posh@ietf.org
References: <CAPms+wRR_ZtLq94mRCDVXEW9WyZeDmYx+1hU+zCXV1fT0GSZ+g@mail.gmail.com> <51F401CE.9080803@stpeter.im>
In-Reply-To: <51F401CE.9080803@stpeter.im>
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [POSH] Comments/questions on draft-miller-posh-00

On 27.07.2013 19:22, Peter Saint-Andre wrote:
[...]
>> Similarly, I can't see anything obviously wrong with letting the
>> application handshake complete, then performing the POSH
>> operations before deciding the application connection is not
>> suitable and should be terminated before being used.  Is the MUST
>> in this section mandating the order of operations necessary for
>> some other reason?
>
> As mentioned above, the MUST here is perhaps a bit silly because it's
> so obvious. I think there is a better way to word it...

While implementing this I found another reason why this MUST doesn't work.

In XMPP we want DNA to have the ability to multiplex several domain 
pairs, with multiple remote domains.

However, at the time of the TLS handshake we only know a single remote 
domain (taken from the stream's from).

At any later time, the remote end may use this <db:result/> stuff to add 
another remote domain. This might trigger the POSH dance and clearly 
happens after the TLS handshake is done.

I would suggest removing this MUST.
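
The ordering issue raised in this message, as an added example that is not part of the original e-mail or of any POSH or XMPP implementation: the peer certificate is captured once at the TLS handshake, and each remote domain is checked when it appears, whether from the stream's from or from a later <db:result/>. `posh_lookup`, `S2SConnection`, the domain names and the reduction of a POSH result to a set of certificate fingerprints are assumptions made for illustration.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

# Constructed sample data: the certificates each domain delegates to via POSH.
HOSTING_CERT = b"constructed-hosting-provider-cert"
POSH_RECORDS = {
    "a.example": {fingerprint(HOSTING_CERT)},
    "b.example": {fingerprint(HOSTING_CERT)},
    "c.example": {fingerprint(b"constructed-other-cert")},
}

def posh_lookup(domain: str) -> set:
    """Hypothetical helper; a real one fetches the domain's POSH document over HTTPS."""
    return POSH_RECORDS.get(domain, set())

class S2SConnection:
    """One TLS connection multiplexing several remote domains."""

    def __init__(self, peer_cert_der: bytes):
        # Known once the TLS handshake completes; it never changes afterwards.
        self.peer_fp = fingerprint(peer_cert_der)
        self.authorized = set()

    def authorize_domain(self, domain: str) -> bool:
        # Runs for the stream's from and again for every later <db:result/> from,
        # so the POSH check necessarily happens after the handshake.
        if domain not in self.authorized and self.peer_fp in posh_lookup(domain):
            self.authorized.add(domain)
        return domain in self.authorized

    def accept_stanza(self, from_domain: str) -> bool:
        # Fail closed: only domains that passed their own check may send.
        return from_domain in self.authorized

def demo():
    conn = S2SConnection(HOSTING_CERT)
    return conn, {
        "a.example": conn.authorize_domain("a.example"),  # stream's from
        "b.example": conn.authorize_domain("b.example"),  # later <db:result/>
        "c.example": conn.authorize_domain("c.example"),  # delegates to another cert
        "unknown.example": conn.authorize_domain("unknown.example"),  # no record
    }

if __name__ == "__main__":
    print(demo()[1])
```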