Re: [secdir] [xmpp] SecDir review of draft-ietf-xmpp-3920bis-17

Dave Cridland <dave@cridland.net> Mon, 01 November 2010 21:16 UTC

References: <4CC9503D.2000809@gmail.com> <4CCBA7A9.7030506@stpeter.im> <4CCE87A5.80701@gmail.com> <4CCF04D3.6020504@babelmonkeys.de> <2761.1288645042.396621@puncture>
In-Reply-To: <2761.1288645042.396621@puncture>
Message-Id: <2761.1288646168.774025@puncture>
Date: Mon, 01 Nov 2010 21:16:08 +0000
From: Dave Cridland <dave@cridland.net>
To: Dave Cridland <dave@cridland.net>, Florian Zeitz <florob@babelmonkeys.de>, Yaron Sheffer <yaronf.ietf@gmail.com>, Security Area Directorate <secdir@ietf.org>, The IESG <iesg@ietf.org>, XMPP Working Group <xmpp@ietf.org>, "draft-ietf-xmpp-3920bis.all@tools.ietf.org" <draft-ietf-xmpp-3920bis.all@tools.ietf.org>, Peter Saint-Andre <stpeter@stpeter.im>
Subject: Re: [secdir] [xmpp] SecDir review of draft-ietf-xmpp-3920bis-17

On Mon Nov  1 20:57:22 2010, Dave Cridland wrote:
> You're thinking of transition-needed, which was IIRC removed from
> the bis drafts.
> 
> It's pretty scary itself, as it provides an easy path to a
> downgrade attack.

FWIW, Philip Hancke pointed out that transition-needed *is* in the
current drafts at §6.5.12, with a suitable security note.

Dave.
-- 
Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade