Re: [Uta] Ben Campbell's Yes on draft-ietf-uta-xmpp-06: (with COMMENT)
Peter Saint-Andre - &yet <peter@andyet.net> Tue, 21 April 2015 22:51 UTC
Return-Path: <peter@andyet.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 162101B2DE6 for <uta@ietfa.amsl.com>; Tue, 21 Apr 2015 15:51:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W6lIWTu0O9L8 for <uta@ietfa.amsl.com>; Tue, 21 Apr 2015 15:51:39 -0700 (PDT)
Received: from mail-ie0-f176.google.com (mail-ie0-f176.google.com [209.85.223.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E69DC1B2DEF for <uta@ietf.org>; Tue, 21 Apr 2015 15:51:38 -0700 (PDT)
Received: by iecrt8 with SMTP id rt8so25260817iec.0 for <uta@ietf.org>; Tue, 21 Apr 2015 15:51:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=njtvJNx/ipL8glYxHYWBCM8wAigIlWv880aOY434L4E=; b=YPtkqrjXAJVRFWzuL8jU4PRZvcug31nu9hVyQ4BDB8+RAIRpRSGJIQvAYGdnguVXvD MONjWNd393BK66o2GWnCqDS0VgxAUvaL3ngh/tc/e/EyVsikD65cZu6i+T+GwRAXvHF0 72orL1NJ+SM8mj9VgNN9CbBZa2MphgpjVw3SbHfXEbwo5Q+sPUJ/+LX1vhuIr+SEYrGM WoIT34FN3IY6TKEs9ofQANNEFFimZVxyI9Ph3wxGJUHx706GDfbpLmLz1EOIdBQTSFTy dQSR9Ohvq+Cc1xFHTcrUFNRoR2W6ZVtTRb1wmZ6QFgeEZbXBP1fGpRh8cakMb3JP+fdr o/Vw==
X-Gm-Message-State: ALoCoQlJ2S/uTx1RlH6pfm6baVcsckXZo21RCW43pD2Zn+t4bQrskLIQfSytH6Z1zHR7kTnVOvvO
X-Received: by 10.107.9.67 with SMTP id j64mr32907865ioi.39.1429656698340; Tue, 21 Apr 2015 15:51:38 -0700 (PDT)
Received: from aither.local (c-73-34-202-214.hsd1.co.comcast.net. [73.34.202.214]) by mx.google.com with ESMTPSA id s85sm1935907ioe.28.2015.04.21.15.51.36 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Apr 2015 15:51:37 -0700 (PDT)
Message-ID: <5536D477.8070206@andyet.net>
Date: Tue, 21 Apr 2015 16:51:35 -0600
From: Peter Saint-Andre - &yet <peter@andyet.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>
References: <20150421215347.6473.19473.idtracker@ietfa.amsl.com>
In-Reply-To: <20150421215347.6473.19473.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/I9pYWX5ZK-uSkrO7zDcl8E0-3Rc>
Cc: uta-chairs@ietf.org, draft-ietf-uta-xmpp.ad@ietf.org, uta@ietf.org, draft-ietf-uta-xmpp@ietf.org, draft-ietf-uta-xmpp.shepherd@ietf.org, leifj@sunet.se
Subject: Re: [Uta] Ben Campbell's Yes on draft-ietf-uta-xmpp-06: (with COMMENT)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2015 22:51:41 -0000
Hi Ben, thanks for the review. On 4/21/15 3:53 PM, Ben Campbell wrote: > Ben Campbell has entered the following ballot position for > draft-ietf-uta-xmpp-06: Yes > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > http://datatracker.ietf.org/doc/draft-ietf-uta-xmpp/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > 3.4, paragraph 3: > > Would you offer different guidance about the multi-tenant problem if POSH > and DNA were finished? I don't suggest delaying for that, even though > they are both post-WGLC. But I wonder if there is something here we need > to clean up after POSH and DNA are published? I think it's not a question of "published" but of "widely implemented and deployed". Thus, unfortunately, I would not foresee being able to absolutely mandate server-to-server authentication for at least a few years. However, that is certainly the goal. Do you think that additional text would be helpful here? > Paragraph 4: > > By "unauthenticated connections", I assume it means "unauthenticated TLS > [or encrypted] connections". Is this correct? Good point: I think it would be best to make the following change. OLD Given the pervasiveness of eavesdropping [RFC7258], even an unauthenticated connection might be better than an unencrypted connection in these scenarios (this is similar to the "better than nothing security" approach for IPsec [RFC5386]). Unauthenticated connections include connections negotiated using anonymous Diffie- Hellman mechanisms or using self-signed certificates, among others. In particular for XMPP server-to-server interactions, it can be reasonable for XMPP server implementations to accept unauthenticated but encrypted connections when Server Dialback keys [XEP-0220] are used; such keys on their own provide only weak identity verification (made stronger through the use of DNSSEC [RFC4033]), but this at least enables encryption of server-to-server connections. The DNA prooftypes described above are intended to mitigate the residual need for unauthenticated connections in these scenarios. NEW Given the pervasiveness of eavesdropping [RFC7258], even an encrypted but unauthenticated connection might be better than an unencrypted connection in these scenarios (this is similar to the "better than nothing security" approach for IPsec [RFC5386]). Encrypted but unauthenticated connections include connections negotiated using anonymous Diffie-Hellman mechanisms or using self-signed certificates, among others. In particular for XMPP server-to-server interactions, it can be reasonable for XMPP server implementations to accept encrypted but unauthenticated connections when Server Dialback keys [XEP-0220] are used; such keys on their own provide only weak identity verification (made stronger through the use of DNSSEC [RFC4033]), but this at least enables encryption of server-to-server connections. The DNA prooftypes described above are intended to mitigate the residual need for encrypted but unauthenticated connections in these scenarios. Rationale: the contrast is between (a) connections that are encrypted but not authenticated and (b) connections that are both encrypted and authenticated. Peter -- Peter Saint-Andre https://andyet.com/
- Re: [Uta] Ben Campbell's Yes on draft-ietf-uta-xm… Peter Saint-Andre - &yet