Re: [xmpp] WGLC of draft-ietf-xmpp-posh-02

Philipp Hancke <fippo@goodadvice.pages.de> Sat, 25 October 2014 08:41 UTC

Message-ID: <544B622A.9050807@goodadvice.pages.de>
Date: Sat, 25 Oct 2014 10:41:14 +0200
From: Philipp Hancke <fippo@goodadvice.pages.de>
To: XMPP Working Group <xmpp@ietf.org>
References: <E2E3603E-F48C-4853-AF15-3F6EE0A64510@nostrum.com>
In-Reply-To: <E2E3603E-F48C-4853-AF15-3F6EE0A64510@nostrum.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/xmpp/5Cnls21IKyJY3B0NI5v9uZe-A8A
Cc: draft-ietf-xmpp-posh.all@tools.ietf.org
Subject: Re: [xmpp] WGLC of draft-ietf-xmpp-posh-02

On 14.10.2014 01:17, Ben Campbell wrote:
> (Oops, messed up the authors' address the first time. Apologies for the duplicate.)
>
> This is a Working Group Last Call of draft-ietf-xmpp-posh-02. The draft is available at the following URL:
>
> http://tools.ietf.org/html/draft-ietf-xmpp-posh-02
>
> The WGLC will conclude on 27 October, 2014. Please send your comments to the authors and the XMPP mailing list.

In several places, "Server identity" and "TLS client" are used, e.g.
> Server identity checking (see [RFC6125]) involves three different
> aspects:
[...]
> a TLS client SHOULD consider the delegation invalid.

I think this is not the "TLS client" but the "POSH client" and the "Peer 
Identity". The main use case is when an xmpp s2s-server uses POSH to 
verify an incoming connection.

section 5:
	The TLS client SHOULD perform all POSH retrievals
	before opening any socket connections to the application
	protocol server.
(ed: extra whitespace before that sentence)

SHOULD is too strong here. I rather see it as a fallback and would only 
do POSH when not finding a proper identity. This would mean that 
sometimes, POSH is used without need.
I suspect this makes it easier to use POSH as part of the TLS handshake 
rather than as an application layer check.

This is also not possible for the s2s scenario where POSH may be 
triggered by an incoming
<db:result>somekeywhichwouldnotbeused</db:result>
which would happen after <starttls/> and after the TLS handshake itself 
is done.

Should be easy to fix though.
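As an added illustration of the s2s ordering discussed in this message (example code, not from the draft or from anyone on the thread): a receiving server that has already completed STARTTLS and the TLS handshake runs the POSH fingerprint comparison only when the originating server's <db:result/> arrives, i.e. as an application-layer check. The POSH document layout (a "fingerprints" list of base64 SHA-256 entries plus a relative "expires" in seconds), the sample certificate bytes and the helper names are assumptions.

```python
import base64
import hashlib
import json

# Constructed sample inputs (not a real DER certificate or a real POSH document).
PEER_CERT_DER = b"constructed-der-bytes-standing-in-for-example.net-cert"
POSH_DOC = json.dumps({
    "fingerprints": [
        {"sha-256": base64.b64encode(hashlib.sha256(PEER_CERT_DER).digest()).decode()}
    ],
    "expires": 3600,  # assumed: seconds the document may be trusted after retrieval
})


def cert_fingerprint_b64(cert_der: bytes) -> str:
    """Base64 of SHA-256 over the DER certificate, the form a POSH entry carries."""
    return base64.b64encode(hashlib.sha256(cert_der).digest()).decode()


def posh_lists_cert(doc: dict, cert_der: bytes) -> bool:
    """True if one of the document's sha-256 fingerprints equals the peer cert's."""
    want = cert_fingerprint_b64(cert_der)
    return any(fp.get("sha-256") == want for fp in doc.get("fingerprints", []))


def on_db_result(db_result_from: str, peer_cert_der: bytes, posh_lookup, now: float) -> str:
    """Receiving server's handling of <db:result from='...'/> after the TLS handshake.

    posh_lookup(domain) stands in for the HTTPS retrieval of that domain's POSH
    document and returns (json_text, fetched_at_seconds) or None. Returns one of
    "verified", "no-posh", "stale" or "mismatch"; only "verified" establishes
    the peer identity, the others leave the caller to fall back (e.g. dialback)
    or to refetch, and never to trust the certificate.
    """
    fetched = posh_lookup(db_result_from)
    if fetched is None:
        return "no-posh"  # the originating domain publishes no POSH document
    posh_json, fetched_at = fetched
    doc = json.loads(posh_json)
    if now > fetched_at + doc.get("expires", 0):
        return "stale"  # cached document past its lifetime: refetch, do not trust
    if posh_lists_cert(doc, peer_cert_der):
        return "verified"  # peer identity established via POSH, post-handshake
    return "mismatch"  # certificate presented in the handshake is not listed
```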