Re: [secdir] [xmpp] SecDir review of draft-ietf-xmpp-3920bis-17

Peter Saint-Andre <> Tue, 02 November 2010 20:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1ABF13A69E1; Tue, 2 Nov 2010 13:17:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -101.932
X-Spam-Status: No, score=-101.932 tagged_above=-999 required=5 tests=[AWL=0.667, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Y99I3FxLJuff; Tue, 2 Nov 2010 13:17:23 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id EDCBC3A68E6; Tue, 2 Nov 2010 13:17:22 -0700 (PDT)
Received: from ( []) (Authenticated sender: stpeter) by (Postfix) with ESMTPSA id 2CA4F40D1E; Tue, 2 Nov 2010 14:26:04 -0600 (MDT)
Message-ID: <>
Date: Tue, 02 Nov 2010 14:17:25 -0600
From: Peter Saint-Andre <>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv: Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: Kurt Zeilenga <Kurt.Zeilenga@Isode.COM>
References: <> <> <> <> <2761.1288645043.347835@puncture> <> <> <> <> <706C109C-A2D2-4E17-B5AA-6B881F7E0334@Isode.COM> <> <60F15D22-C2F2-47F7-8BC1-4442B764EDFA@Isode.COM>
In-Reply-To: <60F15D22-C2F2-47F7-8BC1-4442B764EDFA@Isode.COM>
X-Enigmail-Version: 1.1.1
OpenPGP: url=
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms050800080302030503040007"
X-Mailman-Approved-At: Thu, 04 Nov 2010 10:23:15 -0700
Cc: "" <>, The IESG <>, XMPP Working Group <>, Security Area Directorate <>
Subject: Re: [secdir] [xmpp] SecDir review of draft-ietf-xmpp-3920bis-17
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Nov 2010 20:17:24 -0000

On 11/2/10 1:03 PM, Kurt Zeilenga wrote:
> On Nov 2, 2010, at 9:37 AM, Peter Saint-Andre wrote:
>>> I suspect I'm in the rough on both points.  Oh well.
>>>> 2. The technology that the XMPP community uses for account 
>>>> registration (XEP-0077) could benefit from an update, or even
>>>> a replacement, and when that work is completed I'd like to
>>>> include a method by which a client could register a key or cert
>>>> with the server, thus smoothing the path toward password-less 
>>>> authentication. IMHO that will be the best approach in the
>>>> longer term, instead of continually tweaking the password-based
>>>> methods. But that's a topic for another time...
>>> I also think transition-needed needs to be deprecated in favor
>>> of transition within the bound channel (e.g., today via XEP 77,
>>> tomorrow ?).
>> I'm not sure exactly what "transition within the bound channel" is,
>> but it sounds worthy of discussion when we work on 3920ter.
> The problem with transition-needed is that the error is sent outside
> the bound channel.
> By "within the bound channel", I mean a transitioning method,
> including any necessary signaling, would be performed inside the
> bound channel, that is, within the new <stream:stream/> protected by
> the SASL exchange.
>> At this point I don't think the XMPP community has a great deal of
>> experience with, or even understanding of, channel binding, so it's
>> difficult for us to make strong recommendations that depend on
>> channel binding.
> It would be same issue of doing transition outside of a SASL
> negotiated security layer.  It's prone to attack.  And the fix is the
> same.

What is the attack? If the client required negotiation of TLS before
moving on to SASL, the server has already authenticated to the client at
the stage. As I far as I understand, you are arguing that SASL
negotiation could result in establishment of a further security layer
that is bound to the TLS layer via channel binding, and that it is safe
for the client to send plaintext credentials to the server only after
channel binding has taken place. Correct? If so, then we'd need to
define a post-SASL protocol (that might include work on periodic
re-authentication requests sent from server to client). But IMHO that
work is out of scope for 3920bis. The question is: is it better to
remove the <transition-needed/> SASL condition pending work on the
future protocol extension?


Peter Saint-Andre