Re: [xmpp] Fwd: I-D Action: draft-saintandre-xmpp-tls-00.txt
Dave Cridland <dave@cridland.net> Mon, 09 September 2013 17:33 UTC
From: Dave Cridland <dave@cridland.net>
To: Peter Saint-Andre <stpeter@stpeter.im>
Cc: XMPP <xmpp@ietf.org>

On Mon, Sep 9, 2013 at 6:08 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 9/9/13 10:51 AM, Dave Cridland wrote:
> > On Mon, Sep 9, 2013 at 5:35 PM, Peter Saint-Andre
> > <stpeter@stpeter.im <mailto:stpeter@stpeter.im>> wrote:
> >
> > There's also a htmlized version available at:
> > http://tools.ietf.org/html/draft-saintandre-xmpp-tls-00
> >
> >
> > Thanks for writing this, it looks like an excellent start.
>
> You inspired it because as I recall you suggested that we pull some of
> the security recommendations out of draft-ietf-xmpp-3920bis and into a
> separate spec that we could update more readily. :-)

OK, I could take credit. Though years of management have trained me to wait until I see a successful outcome first.

> > o Discuss TLS compression vs. application-layer compression?
> >
> > It's not obvious it's a security issue, but yes.
>
> Well, there is the CRIME attack against some technologies that use TLS
> compression, however it's not clear to me if that applies to XMPP.

Ah, that. Right.

> > The issue remains that compressing streams takes a serious wodge of
> > data, but it's desirable.
> >
> > Also, I think we should discuss the use of anonymous (or
> > unauthenticated in general) TLS; I've been convinced recently that
> > using even a non-channel-binding authentication and unauthenticated
> > TLS is substantially better than nothing. It's also what the
> > deployed base actually does.
>
> Could you explain a bit more what you mean by unauthenticated TLS?

Any TLS channel which is not authenticated; so ADH is anonymous, whereas self-signed cert usage is the (broader) unauthenticated TLS, as are various other cases.

> > Finally, I'd be keen to see this adopted by the working group if
> > that's on the table.
>
> I leave that up to the chairs. :-) Depending on how you read the
> charter, it might or might not be in scope.

Charters can be changed, of course.

Dave.