Re: [Stox] Stephen Farrell's No Objection on draft-ietf-stox-chat-10: (with COMMENT)

Peter Saint-Andre <stpeter@stpeter.im> Thu, 05 March 2015 21:47 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: stox@ietfa.amsl.com
Delivered-To: stox@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE9461A9075; Thu, 5 Mar 2015 13:47:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.912
X-Spam-Level:
X-Spam-Status: No, score=-1.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nmDcTa4XsAJN; Thu, 5 Mar 2015 13:47:12 -0800 (PST)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 71D931A9074; Thu, 5 Mar 2015 13:47:12 -0800 (PST)
Received: from aither.local (unknown [73.34.202.214]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 30B0D41295; Thu, 5 Mar 2015 14:47:14 -0700 (MST)
Message-ID: <54F8CEDD.4030403@stpeter.im>
Date: Thu, 05 Mar 2015 14:47:09 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Peter Saint-Andre - &yet <peter@andyet.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
References: <20150303204228.1780.23346.idtracker@ietfa.amsl.com> <54F79AB2.8090700@andyet.net>
In-Reply-To: <54F79AB2.8090700@andyet.net>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/stox/9bKaFsoapv-s8SAZn8lO68HGLkM>
X-Mailman-Approved-At: Fri, 06 Mar 2015 01:20:57 -0800
Cc: stox@ietf.org, yana@jitsi.org, stox-chairs@ietf.org, draft-ietf-stox-chat.all@ietf.org
Subject: Re: [Stox] Stephen Farrell's No Objection on draft-ietf-stox-chat-10: (with COMMENT)
X-BeenThere: stox@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SIP-TO-XMPP Working Group discussion list <stox.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stox>, <mailto:stox-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stox/>
List-Post: <mailto:stox@ietf.org>
List-Help: <mailto:stox-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stox>, <mailto:stox-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2015 21:47:16 -0000

On 3/4/15 4:52 PM, Peter Saint-Andre - &yet wrote:
> On 3/3/15 1:42 PM, Stephen Farrell wrote:
>> Stephen Farrell has entered the following ballot position for
>> draft-ietf-stox-chat-10: No Objection
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>> Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> http://datatracker.ietf.org/doc/draft-ietf-stox-chat/
>>
>>
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>>
>> - OTR works for xmpp. I think (not sure) it could be made
>> work for MSRP or SIMPLE, and presumably then it might work
>> here. If that's true, be good to note that and explain a bit
>> how to do that. (And I don't mean the long-promised OTR I-D,
>> just a pointer at the inevitably bad best reference we can
>> find.)
>
> Yes, we might do that in all three of these specs (or, as Barry
> suggests, mention it in the -im spec and point there from the others).

Here is proposed / updated text for the -im document, to which we can 
point from the -chat document:

    This document specifies methods for exchanging "page-mode" instant
    messages through a gateway that translates between SIP and XMPP, and
    [I-D.ietf-stox-chat] specifies such methods for "session-mode"
    instant messaging between MSRP and XMPP.  Such a gateway MUST be
    compliant with the minimum security requirements of the textual chat
    protocols for which it translates (i.e., SIP or MSRP and XMPP).

    The addition of gateways to the security model of instant messaging
    specified in [RFC2779] introduces some new risks.  In particular,
    end-to-end security properties (especially confidentiality and
    integrity) between instant messaging clients that interface through a
    gateway can be provided only if common formats are supported.
    Specification of those common formats is out of scope for this
    document.  For instant messages, it is possible to use [RFC3862] and
    [RFC3923], but those methods are not widely implemented.  A more
    widely implemented albeit unstandardized method for interoperable
    end-to-end encryption would be Off-the-Record Messaging [OTR].

Peter