Re: [xmpp] Fwd: I-D Action: draft-saintandre-xmpp-tls-00.txt

Dave Cridland <dave@cridland.net> Mon, 09 September 2013 17:33 UTC


On Mon, Sep 9, 2013 at 6:08 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> On 9/9/13 10:51 AM, Dave Cridland wrote:
> > On Mon, Sep 9, 2013 at 5:35 PM, Peter Saint-Andre
> > <stpeter@stpeter.im> wrote:
> >
> > There's also a htmlized version available at:
> > http://tools.ietf.org/html/draft-saintandre-xmpp-tls-00
> >
> >
> > Thanks for writing this, it looks like an excellent start.
>
> You inspired it because as I recall you suggested that we pull some of
> the security recommendations out of draft-ietf-xmpp-3920bis and into a
> separate spec that we could update more readily. :-)
>
>
OK, I could take credit. Though years of management have trained me to wait
until I see a successful outcome first.


> > o  Discuss TLS compression vs. application-layer compression?
> >
> > It's not obvious it's a security issue, but yes.
>
> Well, there is the CRIME attack against some technologies that use TLS
> compression, however it's not clear to me if that applies to XMPP.
>
>
Ah, that. Right.


> > The issue remains that compressing streams takes a serious wodge of
> > data, but it's desirable.
> >
> > Also, I think we should discuss the use of anonymous (or
> > unauthenticated in general) TLS; I've been convinced recently that
> > using even a non-channel-binding authentication and unauthenticated
> > TLS is substantially better than nothing. It's also what the
> > deployed base actually does.
>
> Could you explain a bit more what you mean by unauthenticated TLS?
>
>
Any TLS channel which is not authenticated; so ADH is anonymous, whereas
self-signed cert usage is the (broader) unauthenticated TLS, as are various
other cases.


> > Finally, I'd be keen to see this adopted by the working group if
> > that's on the table.
>
> I leave that up to the chairs. :-)  Depending on how you read the
> charter, it might or might not be in scope.
>
>
Charters can be changed, of course.

Dave.
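The taxonomy Dave sketches above (ADH is anonymous, a self-signed certificate is the broader unauthenticated case, a verified peer is authenticated) and the claim that non-channel-binding authentication over unauthenticated TLS still beats a plaintext stream, worked as an added Python example; this is not code from the thread or the draft, and the OpenSSL-style cipher-suite markers, the SASL `-PLUS` channel-binding convention and the sample inputs are assumptions of the example.

```python
"""Classify what an XMPP stream's TLS + SASL combination protects against.

Added example for the thread above; inputs are constructed, and the
cipher-suite naming (OpenSSL style "ADH"/"AECDH") is an assumption.
"""
from dataclasses import dataclass

# OpenSSL-style name fragments for anonymous (certificate-less) key exchange.
ANON_MARKERS = ("ADH", "AECDH", "ANON")
# SASL mechanisms ending in -PLUS (e.g. SCRAM-SHA-1-PLUS) bind auth to the TLS channel.
CHANNEL_BINDING_SUFFIX = "-PLUS"


@dataclass(frozen=True)
class StreamSecurity:
    tls_class: str                 # "none", "anonymous", "unauthenticated", "authenticated"
    stops_passive_sniffer: bool    # a passive observer on the wire learns nothing
    stops_active_mitm: bool        # an active man-in-the-middle is detected
    password_never_readable: bool  # no on-path party ever sees the raw password


def classify_tls(cipher_suite, peer_cert_verified):
    """Map the negotiated TLS parameters onto the thread's taxonomy."""
    if cipher_suite is None:
        return "none"                     # no TLS at all: plaintext stream
    if any(m in cipher_suite.upper() for m in ANON_MARKERS):
        return "anonymous"                # ADH: encrypted, nobody authenticated
    if not peer_cert_verified:
        return "unauthenticated"          # e.g. self-signed cert, identity unverified
    return "authenticated"


def assess(cipher_suite, peer_cert_verified, sasl_mechanism):
    """Combine the TLS class with the SASL mechanism into a threat-coverage summary."""
    tls_class = classify_tls(cipher_suite, peer_cert_verified)
    encrypted = tls_class != "none"
    mech = (sasl_mechanism or "").upper()
    channel_bound = mech.endswith(CHANNEL_BINDING_SUFFIX)
    # Any TLS, even anonymous, defeats a passive sniffer: this is why
    # unauthenticated TLS is "substantially better than nothing".
    # Detecting an active MITM needs either a verified peer certificate or a
    # channel-binding SASL exchange, which fails when the two TLS legs differ.
    stops_mitm = encrypted and (tls_class == "authenticated" or channel_bound)
    # PLAIN ships the password itself; SCRAM-style mechanisms never do, though an
    # unbound SCRAM exchange can still be relayed by a MITM (covered by stops_mitm).
    sends_password = mech == "PLAIN"
    password_safe = (not sends_password) or stops_mitm
    return StreamSecurity(tls_class, encrypted, stops_mitm, password_safe)
```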