Re: [xmpp] Clarification of TLS Identity checking in draft-ietf-xmpp-3920bis

Florian Zeitz <florob@babelmonkeys.de> Tue, 15 March 2011 20:58 UTC

Message-ID: <4D7FD32D.2080906@babelmonkeys.de>
Date: Tue, 15 Mar 2011 21:59:25 +0100
From: Florian Zeitz <florob@babelmonkeys.de>
To: xmpp@ietf.org
References: <4D7E61BD.50804@collabora.co.uk> <4D7E9902.4020908@babelmonkeys.de> <4D7E9E39.4030900@stpeter.im> <4D7EA525.4050207@babelmonkeys.de> <4D7ED70C.7070708@stpeter.im> <4D7ED9E9.70501@stpeter.im>
In-Reply-To: <4D7ED9E9.70501@stpeter.im>

On 15.03.2011 04:15, Peter Saint-Andre wrote:
> On 3/14/11 9:03 PM, Peter Saint-Andre wrote:
>> On 3/14/11 5:30 PM, Florian Zeitz wrote:
>>> On 15.03.2011 00:01, Peter Saint-Andre wrote:
>>>> On 3/14/11 4:38 PM, Florian Zeitz wrote:
>>>>> b) I don't think the draft means "reference identifier" here. I think
>>>>> what it actually is talking about is the "source domain" that it will
>>>>> base reference identifiers on. I think once that is clarified the rules
>>>>> for building a list of reference identifiers that are in
>>>>> draft-saintandre-tls-server-id are sufficient.
>>>>
>>>> I think that's right, and changing "reference identifier" to "source
>>>> domain" is a relatively small fix. The rules about reference identifiers
>>>> are provided in Section 13.7.1.2.1.
>>>>
>>> I had hoped for that ;)
>>
>> The right fix is:
>>
>>     The initiating entity sets the source domain of its reference
>>                                ^^^^^^^^^^^^^^^^^^^^
>>     identifier to the 'to' address it communicates in the initial
>>     stream header...
>
> Sorry, one more slight correction: "the source domain of its reference
> identifiers" (in the plural) because the initiating entity might have
> multiple reference identifiers (dNSName, SRVName, etc.).
>
Sounds fine to me.

--
Florian Zeitz
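The thread settles on wording in which the initiating entity takes the 'to' address of its initial stream header as the source domain and derives several reference identifiers from it (dNSName, SRVName, and so on), each of which is then compared against the identifiers the peer's certificate presents. The following is an added illustration of that flow and is not code from the thread, the draft, or any XMPP project. It assumes the identifier types that the published form of the draft (RFC 6120) names, DNS-ID, SRV-ID for the `_xmpp-client` or `_xmpp-server` service, and XmppAddr; the certificate contents are constructed sample data rather than a parsed certificate, and the matching rules are a simplified rendering of the RFC 6125 rules (case-insensitive DNS comparison, wildcard only as the whole left-most label). The helper and function names are the example's own.

```python
"""Build and check TLS reference identifiers for an XMPP stream.

Added example, not code from the mailing-list thread or the draft.
The source domain is the 'to' address of the initial stream header.
From it the initiating entity derives several reference identifiers
(plural, as the thread notes), and the certificate check succeeds
when any one of them matches an identifier the certificate presents.
Certificate data below is constructed for the example; matching rules
are a simplified rendering of the RFC 6125 rules.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class RefId:
    kind: str    # "DNS-ID", "SRV-ID" or "XmppAddr"
    value: str   # identifier text, normalised to lower case

def source_domain(to_address: str) -> str:
    """Take the domainpart of the 'to' address as the source domain.

    Only the address the user or peer actually asked for qualifies; the
    target host learned from an (unauthenticated) DNS SRV lookup, e.g. a
    hosting provider's server name, must not be used as source domain."""
    domain = to_address.split("@")[-1].split("/")[0]
    if not domain:
        raise ValueError("empty 'to' address")
    return domain.rstrip(".").lower()

def reference_identifiers(to_address: str, service: str) -> List[RefId]:
    """Derive the reference identifiers for one source domain.

    service is 'xmpp-client' for a c2s stream, 'xmpp-server' for s2s."""
    if service not in ("xmpp-client", "xmpp-server"):
        raise ValueError("service must be xmpp-client or xmpp-server")
    domain = source_domain(to_address)
    return [
        RefId("DNS-ID", domain),
        RefId("SRV-ID", f"_{service}.{domain}"),
        RefId("XmppAddr", domain),
    ]

def _dns_match(reference: str, presented: str) -> bool:
    """Case-insensitive DNS-ID match; '*' is accepted only as the whole
    left-most label and never matches a bare two-label reference."""
    presented = presented.rstrip(".").lower()
    if presented == reference:
        return True
    if presented.startswith("*."):
        ref_labels = reference.split(".")
        return len(ref_labels) > 2 and ".".join(ref_labels[1:]) == presented[2:]
    return False

def _srv_match(reference: str, presented_service: str, presented_name: str) -> bool:
    """SRV-ID matches only when service name and host name both match exactly
    (no wildcards for SRV-IDs)."""
    svc, _, name = reference.partition(".")          # "_xmpp-client.example.net"
    return (svc == "_" + presented_service.lower()
            and name == presented_name.rstrip(".").lower())

# A presented identifier models one subjectAltName entry:
#   ("dNSName", "example.net")
#   ("SRVName", ("xmpp-client", "example.net"))
#   ("XmppAddr", "example.net")
Presented = Tuple[str, object]

def certificate_matches(ref_ids: List[RefId], presented: List[Presented]) -> Optional[RefId]:
    """Return the first reference identifier that a presented identifier
    satisfies, or None if the certificate proves none of them."""
    for ref in ref_ids:
        for ptype, pvalue in presented:
            if ref.kind == "DNS-ID" and ptype == "dNSName" and _dns_match(ref.value, str(pvalue)):
                return ref
            if ref.kind == "SRV-ID" and ptype == "SRVName" and _srv_match(ref.value, *pvalue):
                return ref
            if ref.kind == "XmppAddr" and ptype == "XmppAddr" and str(pvalue).lower() == ref.value:
                return ref
    return None

if __name__ == "__main__":
    # Constructed sample: a user of example.net connecting through a hosting
    # provider whose certificate names the provider host plus an SRV-ID for
    # the customer's domain.  The SRV-ID is what makes the check succeed.
    ids = reference_identifiers("juliet@example.net/balcony", "xmpp-client")
    cert = [("dNSName", "xmpp.hosting.example"),
            ("SRVName", ("xmpp-client", "example.net"))]
    print(certificate_matches(ids, cert))
```

The point the thread makes shows up in `reference_identifiers`: one source domain yields a list, and `certificate_matches` walks the whole list, so a certificate that carries only an SRVName (or only an XmppAddr) for the domain still passes while a certificate that names only the hosting provider's own host does not.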