Re: [secdir] [xmpp] SecDir review of draft-ietf-xmpp-3920bis-17

Peter Saint-Andre <stpeter@stpeter.im> Mon, 08 November 2010 19:44 UTC


Never mind, we already have that:

   Feature:  stanza-attribute-from-validate
   Description:  Validate the 'from' address of all stanzas received
      from a peer servers.
   Section:  Section 8.1.2.2
   Roles:  Client N/A, Server MUST.

Issue closed. :)

On 11/5/10 9:54 PM, Peter Saint Andre wrote:
> Yes, it would be good to add a conformance feature for that one,
> too.
> 
> ----- Original Message -----
> From: Philipp Hancke <fippo@mail.symlynx.com>
> To: Yaron Sheffer <yaronf.ietf@gmail.com>
> Cc: Peter Saint-Andre <stpeter@stpeter.im>;
> draft-ietf-xmpp-3920bis.all@tools.ietf.org; iesg@ietf.org;
> XMPP <xmpp@ietf.org>; secdir@ietf.org
> Sent: Thu Nov 04 13:41:32 2010
> Subject: Re: [xmpp] SecDir review of draft-ietf-xmpp-3920bis-17
> 
> Yaron Sheffer wrote:
>> Hi Peter,
>> 
>> yes, these seem reasonable. Is there a "converse" to the rewriting
>> of the client's From header before forwarding to other servers,
>> i.e. is there a server-side check on stanza From headers received
>> from other servers?
> 
> Yes, see 8.1.2.2. Server-to-Server Streams (or search for the
> associated invalid-from stream error).
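
The server-side check discussed in this thread, sketched as an added example (not code from the draft or from any participant): the receiving server compares the domainpart of each inbound stanza's 'from' against the domains it has validated for that server-to-server stream. The function names, the `missing-from` label, and the `.example` domains are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def jid_domainpart(jid):
    """Return the lower-cased domainpart of [local@]domain[/resource], or None."""
    bare = jid.split("/", 1)[0]            # resourcepart starts at the first '/'
    local, sep, domain = bare.partition("@")
    if not sep:                            # no '@': the bare JID is a domain
        domain = bare
    domain = domain.rstrip(".").lower()    # IDNA normalisation omitted here
    if not domain or "@" in domain:
        return None
    return domain

def check_from(stanza_xml, validated_domains):
    """Return None to accept the stanza, or a rejection reason string.

    validated_domains: lower-cased domains the peer proved for this stream.
    'invalid-from' is the stream error named in the thread; 'missing-from'
    is this example's own label, not a protocol-defined condition.
    """
    # A real server parses the stream incrementally and refuses DTDs;
    # ET.fromstring is used only to keep the example short.
    sender = ET.fromstring(stanza_xml).get("from")
    if sender is None:
        return "missing-from"
    domain = jid_domainpart(sender)
    # Exact match only: a suffix test would accept 'notgood.example'.
    if domain is None or domain not in validated_domains:
        return "invalid-from"
    return None

# Constructed sample input: stream validated for good.example only.
VALIDATED = {"good.example"}
OK = "<message from='juliet@Good.Example/balcony' to='romeo@local.example'/>"
SPOOFED = "<message from='juliet@other.example' to='romeo@local.example'/>"
SUFFIX = "<message from='x@notgood.example' to='romeo@local.example'/>"
# The domainpart here is evil.example; the rest is a resourcepart.
RESOURCE_TRICK = "<iq from='evil.example/a@good.example' type='get' id='1'/>"
NO_FROM = "<presence to='romeo@local.example'/>"

if __name__ == "__main__":
    for s in (OK, SPOOFED, SUFFIX, RESOURCE_TRICK, NO_FROM):
        print(check_from(s, VALIDATED) or "accept", "<-", s)
```
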