Re: [xmpp] I-D Action: draft-ietf-xmpp-posh-02.txt

⌘ Matt Miller <mamille2@cisco.com> Fri, 10 October 2014 22:19 UTC

Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D21F1AD456 for <xmpp@ietfa.amsl.com>; Fri, 10 Oct 2014 15:19:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -13.966
X-Spam-Level:
X-Spam-Status: No, score=-13.966 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_8BIT_HEADER=0.3, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UzbFjXIPhf9M for <xmpp@ietfa.amsl.com>; Fri, 10 Oct 2014 15:19:02 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D435F1A88D0 for <xmpp@ietf.org>; Fri, 10 Oct 2014 15:19:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3758; q=dns/txt; s=iport; t=1412979541; x=1414189141; h=message-id:date:from:mime-version:cc:subject:references: in-reply-to:content-transfer-encoding; bh=8B67PESkSupzNdMowD7/RFig2uncf/V2o9p5BlppPVE=; b=nKnfHMMhpVe0isCkgRTPxD1K6DeaBEHtcT51cTEm6ukxiSLGv6kXIERl /V72jlSMM+phtv7VMb5UuO4kj2FSj9uLY0OzyZJTjbgxaO/5dBsEHilR+ eAza4pgq71cnvhYdPO0FAxaScUQ3jA7ZlweGGCg6RhYNqwDDgZAbIdmYW I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApwNAP5ZOFStJA2M/2dsb2JhbABWAQmDDlNTBQSDAsgXCodNAiVgFgF7g3sJAQEEAQEBIEsLEAsYAgIFIQICDwIWMBMBAwICAQEFhW2CSAgFqneUbgEBAQEBAQQBAQEBAQEcgSyONgYBCgEdMweCdw+BRQWEYoZ8il2EPoJSgS48gwqCco4rggAegXgiK4EPOYECAQEF
X-IronPort-AV: E=Sophos;i="5.04,695,1406592000"; d="scan'208";a="85955613"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-4.cisco.com with ESMTP; 10 Oct 2014 22:19:00 +0000
Received: from xhc-aln-x06.cisco.com (xhc-aln-x06.cisco.com [173.36.12.80]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id s9AMJ0ib023459 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <xmpp@ietf.org>; Fri, 10 Oct 2014 22:19:01 GMT
Received: from [10.129.24.59] (10.129.24.59) by xhc-aln-x06.cisco.com (173.36.12.80) with Microsoft SMTP Server (TLS) id 14.3.195.1; Fri, 10 Oct 2014 17:19:00 -0500
Message-ID: <54385B54.60207@cisco.com>
Date: Fri, 10 Oct 2014 16:19:00 -0600
From: ⌘ Matt Miller <mamille2@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
CC: xmpp@ietf.org
References: <20141010220938.3460.83660.idtracker@ietfa.amsl.com>
In-Reply-To: <20141010220938.3460.83660.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.129.24.59]
Archived-At: http://mailarchive.ietf.org/arch/msg/xmpp/69u51wJ9J4KMMqb0Rfqy6L8ujLE
Subject: Re: [xmpp] I-D Action: draft-ietf-xmpp-posh-02.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Oct 2014 22:19:04 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This revision adds more constraints around the value of the "ttl"
fields, which was brought to the editors' attention off-list.

The previous revision only vaguely said the "ttl" was a number.  It
now states the "ttl" is a JSON number that MUST be non-negative integer.


- -- 
- - m&m

Matt Miller < mamille2@cisco.com >
Cisco Systems, Inc.

On 10/10/14, 4:09 PM, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This draft is a work item of the Extensible Messaging
> and Presence Protocol Working Group of the IETF.
> 
> Title           : PKIX over Secure HTTP (POSH) Authors         :
> Matthew Miller Peter Saint-Andre Filename        :
> draft-ietf-xmpp-posh-02.txt Pages           : 14 Date            :
> 2014-10-10
> 
> Abstract: Experience has shown that it is extremely difficult to
> deploy proper PKIX certificates for TLS in multi-tenanted
> environments, since certification authorities will not issue
> certificates for hosted domains to hosting services, hosted domains
> do not want hosting services to hold their private keys, and
> hosting services wish to avoid liability for holding those keys.
> As a result, domains hosted in multi-tenanted environments often
> deploy non-HTTP applications such as email and instant messaging
> using certificates that identify the hosting service, not the
> hosted domain.  Such deployments force end users and peer services
> to accept a certificate with an improper identifier, resulting in
> obvious security implications.  This document defines two methods
> that make it easier to deploy certificates for proper server
> identity checking in non-HTTP application protocols.  The first
> method enables the TLS client associated with a user agent or peer
> application server to obtain the end-entity certificate of a hosted
> domain over secure HTTP as an alternative to standard PKIX
> techniques.  The second method enables a hosted domain to securely
> delegate a non-HTTP application to a hosting service using
> redirects provided by HTTPS itself or by a pointer in a file served
> over HTTPS at the hosted domain.  While this approach was developed
> for use in the Extensible Messaging and Presence Protocol (XMPP) as
> a Domain Name Association prooftype, it can be applied to any
> non-HTTP application protocol.
> 
> 
> The IETF datatracker status page for this draft is: 
> https://datatracker.ietf.org/doc/draft-ietf-xmpp-posh/
> 
> There's also a htmlized version available at: 
> http://tools.ietf.org/html/draft-ietf-xmpp-posh-02
> 
> A diff from the previous version is available at: 
> http://www.ietf.org/rfcdiff?url2=draft-ietf-xmpp-posh-02
> 
> 
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at: 
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________ xmpp mailing list 
> xmpp@ietf.org https://www.ietf.org/mailman/listinfo/xmpp
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQEcBAEBCgAGBQJUOFtUAAoJEDWi+S0W7cO1lzcH/0btZ9aCGIWFSy0kgMBAqk76
CYNuN3reOypnDUCULfSilcs1KypKbNfGjVI6UFdKYBmJg9+Z9p34YbobKZk7tooD
KNAW+YLtTYGz9cnGse88z9I/kgErqqu0D2vvb64fqvp963lVNGlaOFruB3mrbAOO
iZKYQwgnusNi63FN8Z7HVfiRgFxM9k6Pet4BrFRR+WcLuglVlJUshtVcOHTAfrKU
UjcFQ+oaresFEHthuLZMH4DxbHuuO3sofKm9juxMC7N35RkXXkgrzTGcxNsrGLsA
iOfAby43uqPj6tk3bMG8VDcRbTm3GMu+UcARaPjAjAf9USfsDrP+YVGdTogp+cM=
=//3z
-----END PGP SIGNATURE-----