[secdir] SECDIR review of draft-ietf-xmpp-3921bis-15.txt

"Richard L. Barnes" <rbarnes@bbn.com> Tue, 26 October 2010 02:06 UTC

To: iesg@ietf.org, secdir@ietf.org, draft-ietf-xmpp-3921bis@tools.ietf.org

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these 
comments just like any other last call comments.

This document describes an instant-messaging and presence system based 
on the core system of exchanging XML stanzas described in RFC 3920 and 
draft-ietf-xmpp-3920bis.  As the document rightly notes, the underlying 
transport protocol addresses most of the security considerations for 
this document, and that document seems to have a thorough discussion of 
security considerations (although I have not done a thorough review). In 
general, I think that the security considerations in this document 
adequately describe the additional risks posed by the instant-messaging- 
and presence-specific parts of the protocol (beyond those of the base 
protocol), and corresponding mitigations.

One thing that might merit clarification: The overriding 
application-layer security concern here is the proper routing of 
presence and instant messaging stanzas through the XMPP system. 
(Underlying communications security concerns are addressed by the core 
spec.)  For the most part, these concerns deal with requirements on servers
to act in certain ways on behalf of the user.  It could be helpful to 
the reader to re-state some of the communications patterns from Section 
13.1 of draft-ietf-xmpp-3920bis and comment on the particular roles that 
the entities play in the context of instant messaging and presence 
(e.g., routing unicast <message> stanzas, fan-out of broadcast presence