IETF Logo Mail Archive

Re: [xmpp] #39: prohibition on TLS renegotiation

Peter Saint-Andre <stpeter@stpeter.im> Wed, 07 July 2010 15:10 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@core3.amsl.com
Delivered-To: xmpp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2B66D3A684A for <xmpp@core3.amsl.com>; Wed, 7 Jul 2010 08:10:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4yYVT2S5KFqY for <xmpp@core3.amsl.com>; Wed, 7 Jul 2010 08:10:21 -0700 (PDT)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id 0D8CA3A6842 for <xmpp@ietf.org>; Wed, 7 Jul 2010 08:10:21 -0700 (PDT)
Received: from leavealone.cisco.com (72-163-0-129.cisco.com [72.163.0.129]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id D0CB540E3C; Wed, 7 Jul 2010 09:10:23 -0600 (MDT)
Message-ID: <4C3498DE.4020709@stpeter.im>
Date: Wed, 07 Jul 2010 09:10:22 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: Simon Josefsson <simon@josefsson.org>
References: <057.cd3487385f077266653b25eecf323b0d@tools.ietf.org> <4C27CFDC.4060701@stpeter.im> <87lj9re7r2.fsf@mocca.josefsson.org> <4C335537.6070605@stpeter.im> <4C335FB7.2030806@stpeter.im> <87630r9xks.fsf@mocca.josefsson.org> <12FEB9B4-C775-46F2-BC3A-F4737F165FD9@Isode.com> <87aaq38hdi.fsf@mocca.josefsson.org>
In-Reply-To: <87aaq38hdi.fsf@mocca.josefsson.org>
X-Enigmail-Version: 1.0.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>, xmpp@ietf.org
Subject: Re: [xmpp] #39: prohibition on TLS renegotiation
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jul 2010 15:10:24 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 7/7/10 9:02 AM, Simon Josefsson wrote:
> Kurt Zeilenga <Kurt.Zeilenga@Isode.com> writes:
> 
>> I personally wouldn't have a problem with just saying "SHOULD NOT do
>> TLS renegotiation".  That is, I don't see a particular need to detail
>> how to implement a non-recommended capability.
> 
> I also dislike going into details about non-recommended approaches.  I
> prefer MUST NOT over SHOULD NOT if we cannot think up at least one
> use-case when the SHOULD NOT recommendation isn't followed.  Especially
> since if a use case appears for TLS renegotiation, use of it (and what
> it means for XMPP) can be described in a separate document.

Further: do we have a use case *now*? If not, why leave the door open?
As Simon says, we can always write a spec that updates 3920bis with
recommedations about using TLS renegotiation in XMPP. If we don't need
it now, I'd stick with MUST NOT.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkw0mN4ACgkQNL8k5A2w/vzMSQCfb5aRiYcyamJYuuSAkB4BXHf6
2PYAn02srqMBm1BG5Ek8lQVQPdtPw57/
=tFws
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email