Re: [Uta] AD review of draft-ietf-uta-xmpp-05
Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 03 April 2015 20:20 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF4641A0266 for <uta@ietfa.amsl.com>; Fri, 3 Apr 2015 13:20:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RL6gyNr1uKR4 for <uta@ietfa.amsl.com>; Fri, 3 Apr 2015 13:20:18 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 501E71A0058 for <uta@ietf.org>; Fri, 3 Apr 2015 13:20:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id C0D1FBECA; Fri, 3 Apr 2015 21:20:16 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9EPnzXv1Z5hh; Fri, 3 Apr 2015 21:20:15 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.18.59]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 54873BEC6; Fri, 3 Apr 2015 21:20:15 +0100 (IST)
Message-ID: <551EF5FF.1050209@cs.tcd.ie>
Date: Fri, 03 Apr 2015 21:20:15 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Peter Saint-Andre - &yet <peter@andyet.net>, "uta@ietf.org" <uta@ietf.org>
References: <5516C8FB.3010905@cs.tcd.ie> <551EF276.9010700@andyet.net>
In-Reply-To: <551EF276.9010700@andyet.net>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/A0HYDsOsGyh01RO-Auj1lgOsXHA>
Subject: Re: [Uta] AD review of draft-ietf-uta-xmpp-05
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2015 20:20:20 -0000
Hiya, Those seem fine. I guess the best is to see out the IETF LC and then re-spin the I-D, Thanks, S. On 03/04/15 21:05, Peter Saint-Andre - &yet wrote: > Hi Stephen, thanks for the review and my apologies about the delayed reply. > > On 3/28/15 9:30 AM, Stephen Farrell wrote: >> >> Hiya, >> >> As your non-shiny new helper AD I've reviewed draft-ietf-uta-xmpp-05. >> I have some comments (below), none need hold up IETF LC I think so >> please treat these as you would IETF LC comments. >> >> I'll request IETF LC momentarily. >> >> Thanks, >> S. >> >> - 3.4: I'm not clear what the last paragraph is telling >> me. What should I do about that? > > Some motivating and concluding text might be helpful, such as: > > OLD > The Domain Name Associations (DNA) specification [I-D.ietf-xmpp-dna] > describes a framework for XMPP server authentication methods, which > include not only PKIX but also DNS-Based Authentication of Named > Entities (DANE) as defined in [I-D.ietf-dane-srv] and PKIX over > Secure HTTP (POSH) as defined in [I-D.ietf-xmpp-posh]. > > NEW > In some scenarios such as multi-tenanted environments, it can be > extremely difficult to obtain or deploy PKIX certificates with the > proper Subject Alternative Names. To overcome that challenge, the > Domain Name Associations (DNA) specification [I-D.ietf-xmpp-dna] > describes a framework for XMPP server authentication methods, which > include not only PKIX but also DNS-Based Authentication of Named > Entities (DANE) as defined in [I-D.ietf-dane-srv] and PKIX over > Secure HTTP (POSH) as defined in [I-D.ietf-xmpp-posh]. These > methods can provide a basis for server identity verification when > appropriate PKIX certificates cannot be obtained or deployed. > >> - 3.7: practically, is it feasible to provide a client >> with information about server-server uses of TLS? (And >> how many server-server TLS "hops" might there be?) > > See my reply to Roni Even's Gen-ART review. It is *not* feasible (at > least not in a way that would provide information the client could > trust), and the text was unclear enough to cause confusion. I suggested > alternative text in my reply to Roni. > >> - 3.7: Would it be sensible here to recommend that >> servers log information about the use of TLS so as to be >> able to spot e.g. that what used normally be sent over >> TLS, is now in clear? I'm not sure how feasible it would >> be to do that very well, but maybe we could give >> developers some hints here and see what they come up >> with? > > It seems better to require the use of TLS and never allow cleartext > connections. > >> - 5: Would it be worth noting there that this is not e2e >> (obvious I guess) but that that means that some gateways >> (e.g. to SIP) may mean that we even if we really get all >> hops protected, we may not be able to report on that? > > This document does not cover gateways, nor does RFC 6120. IMHO text > about gatewaying belongs the appropriate specifications. For example, > there is text about it in RFC 7247 and in draft-ietf-stox-im. > >> nits: >> >> - 3.5: maybe s/passive eavesdropping/eavesdropping/ and a >> reference to RFC7258 might save someone the trouble about >> arguing that case in XMPP land later. > > Good idea. > >> - ID nits has some reference version nits, it's fine to >> fix those next time some changes are needed. > > Given the scope of changes occasioned by Roni's review, we'll need a > revised I-D before IESG consideration. > > Peter >
- [Uta] AD review of draft-ietf-uta-xmpp-05 Stephen Farrell
- Re: [Uta] AD review of draft-ietf-uta-xmpp-05 Peter Saint-Andre - &yet
- Re: [Uta] AD review of draft-ietf-uta-xmpp-05 Peter Saint-Andre - &yet
- Re: [Uta] AD review of draft-ietf-uta-xmpp-05 Stephen Farrell