Re: [RAI] [dispatch] MSRP Expert Review of draft-pd-dispatch-msrp-websocket-04

"Cullen Jennings (fluffy)" <fluffy@cisco.com> Wed, 29 January 2014 18:29 UTC

To: Iñaki Baz Castillo <ibc@aliax.net>
Cc: Ben Campbell <ben@nostrum.com>, DISPATCH <dispatch@ietf.org>, "rai@ietf.org" <rai@ietf.org>, "draft-pd-dispatch-msrp-websocket.all@tools.ietf.org" <draft-pd-dispatch-msrp-websocket.all@tools.ietf.org>

On Jan 29, 2014, at 11:17 AM, Iñaki Baz Castillo <ibc@aliax.net> wrote:

> 2014-01-29 Cullen Jennings (fluffy) <fluffy@cisco.com>:
>> On Jan 29, 2014, at 10:16 AM, Peter Dunkley <peter.dunkley@crocodilertc.net> wrote:
>> 
>>> Even if TLS is left as MUST all of the additional checks from the RFC cannot be enforced on the client because (in a browser) you don't have any access to that information.
>> 
>> So help educate me on what is missing and let's go get that fixed in web sockets.
> 
> 
> The browser inspects the certificate retrieved from the WS server in
> the same way as when the browser connects to an HTTPS site. And the
> certificate inspection means matching the server domain with the CN or
> SubjectAltNames fields (DNS entries) and other usual checks.


Right - that sounds good - so what is missing?
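
The name check described in the quoted text, as an added example that is not part of the original message or of any browser's code: Python that matches a server host name against a certificate's SubjectAltName DNS entries, using the CN only when no DNS entry is present. The certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the host names and the wildcard policy shown are assumptions made for illustration.

```python
# Added example: DNS-name check against a certificate's SAN/CN fields.
# Certificate dicts use the shape returned by ssl.SSLSocket.getpeercert().

def _label_match(pattern: str, host: str) -> bool:
    """Compare one presented name against the host, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    first, rest = p_labels[0], p_labels[1:]
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # Whole-label wildcard only, and never directly above a TLD ("*.com").
        return len(p_labels) >= 3 and h_labels[0] != ""
    return first == h_labels[0]


def presented_names(cert: dict) -> list:
    """SAN dNSName entries; the subject CN only if no dNSName is present."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def hostname_matches(cert: dict, host: str) -> bool:
    """True if any presented name in the certificate covers the host."""
    return any(_label_match(name, host) for name in presented_names(cert))


# Constructed sample certificates (hypothetical names, not from the thread).
WS_CERT = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "ws.example.com"),
                       ("DNS", "*.msrp.example.com")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "ws.example.org"),),)}
```
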