Re: [xmpp] I-D Action: draft-ietf-xmpp-posh-02.txt
⌘ Matt Miller <mamille2@cisco.com> Fri, 10 October 2014 22:19 UTC
Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D21F1AD456 for <xmpp@ietfa.amsl.com>; Fri, 10 Oct 2014 15:19:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -13.966
X-Spam-Level:
X-Spam-Status: No, score=-13.966 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_8BIT_HEADER=0.3, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UzbFjXIPhf9M for <xmpp@ietfa.amsl.com>; Fri, 10 Oct 2014 15:19:02 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D435F1A88D0 for <xmpp@ietf.org>; Fri, 10 Oct 2014 15:19:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3758; q=dns/txt; s=iport; t=1412979541; x=1414189141; h=message-id:date:from:mime-version:cc:subject:references: in-reply-to:content-transfer-encoding; bh=8B67PESkSupzNdMowD7/RFig2uncf/V2o9p5BlppPVE=; b=nKnfHMMhpVe0isCkgRTPxD1K6DeaBEHtcT51cTEm6ukxiSLGv6kXIERl /V72jlSMM+phtv7VMb5UuO4kj2FSj9uLY0OzyZJTjbgxaO/5dBsEHilR+ eAza4pgq71cnvhYdPO0FAxaScUQ3jA7ZlweGGCg6RhYNqwDDgZAbIdmYW I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApwNAP5ZOFStJA2M/2dsb2JhbABWAQmDDlNTBQSDAsgXCodNAiVgFgF7g3sJAQEEAQEBIEsLEAsYAgIFIQICDwIWMBMBAwICAQEFhW2CSAgFqneUbgEBAQEBAQQBAQEBAQEcgSyONgYBCgEdMweCdw+BRQWEYoZ8il2EPoJSgS48gwqCco4rggAegXgiK4EPOYECAQEF
X-IronPort-AV: E=Sophos;i="5.04,695,1406592000"; d="scan'208";a="85955613"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-4.cisco.com with ESMTP; 10 Oct 2014 22:19:00 +0000
Received: from xhc-aln-x06.cisco.com (xhc-aln-x06.cisco.com [173.36.12.80]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id s9AMJ0ib023459 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <xmpp@ietf.org>; Fri, 10 Oct 2014 22:19:01 GMT
Received: from [10.129.24.59] (10.129.24.59) by xhc-aln-x06.cisco.com (173.36.12.80) with Microsoft SMTP Server (TLS) id 14.3.195.1; Fri, 10 Oct 2014 17:19:00 -0500
Message-ID: <54385B54.60207@cisco.com>
Date: Fri, 10 Oct 2014 16:19:00 -0600
From: ⌘ Matt Miller <mamille2@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
CC: xmpp@ietf.org
References: <20141010220938.3460.83660.idtracker@ietfa.amsl.com>
In-Reply-To: <20141010220938.3460.83660.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.129.24.59]
Archived-At: http://mailarchive.ietf.org/arch/msg/xmpp/69u51wJ9J4KMMqb0Rfqy6L8ujLE
Subject: Re: [xmpp] I-D Action: draft-ietf-xmpp-posh-02.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Oct 2014 22:19:04 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This revision adds more constraints around the value of the "ttl" fields, which was brought to the editors' attention off-list. The previous revision only vaguely said the "ttl" was a number. It now states the "ttl" is a JSON number that MUST be non-negative integer. - -- - - m&m Matt Miller < mamille2@cisco.com > Cisco Systems, Inc. On 10/10/14, 4:09 PM, internet-drafts@ietf.org wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. This draft is a work item of the Extensible Messaging > and Presence Protocol Working Group of the IETF. > > Title : PKIX over Secure HTTP (POSH) Authors : > Matthew Miller Peter Saint-Andre Filename : > draft-ietf-xmpp-posh-02.txt Pages : 14 Date : > 2014-10-10 > > Abstract: Experience has shown that it is extremely difficult to > deploy proper PKIX certificates for TLS in multi-tenanted > environments, since certification authorities will not issue > certificates for hosted domains to hosting services, hosted domains > do not want hosting services to hold their private keys, and > hosting services wish to avoid liability for holding those keys. > As a result, domains hosted in multi-tenanted environments often > deploy non-HTTP applications such as email and instant messaging > using certificates that identify the hosting service, not the > hosted domain. Such deployments force end users and peer services > to accept a certificate with an improper identifier, resulting in > obvious security implications. This document defines two methods > that make it easier to deploy certificates for proper server > identity checking in non-HTTP application protocols. The first > method enables the TLS client associated with a user agent or peer > application server to obtain the end-entity certificate of a hosted > domain over secure HTTP as an alternative to standard PKIX > techniques. The second method enables a hosted domain to securely > delegate a non-HTTP application to a hosting service using > redirects provided by HTTPS itself or by a pointer in a file served > over HTTPS at the hosted domain. While this approach was developed > for use in the Extensible Messaging and Presence Protocol (XMPP) as > a Domain Name Association prooftype, it can be applied to any > non-HTTP application protocol. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-xmpp-posh/ > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-ietf-xmpp-posh-02 > > A diff from the previous version is available at: > http://www.ietf.org/rfcdiff?url2=draft-ietf-xmpp-posh-02 > > > Please note that it may take a couple of minutes from the time of > submission until the htmlized version and diff are available at > tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ xmpp mailing list > xmpp@ietf.org https://www.ietf.org/mailman/listinfo/xmpp > -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJUOFtUAAoJEDWi+S0W7cO1lzcH/0btZ9aCGIWFSy0kgMBAqk76 CYNuN3reOypnDUCULfSilcs1KypKbNfGjVI6UFdKYBmJg9+Z9p34YbobKZk7tooD KNAW+YLtTYGz9cnGse88z9I/kgErqqu0D2vvb64fqvp963lVNGlaOFruB3mrbAOO iZKYQwgnusNi63FN8Z7HVfiRgFxM9k6Pet4BrFRR+WcLuglVlJUshtVcOHTAfrKU UjcFQ+oaresFEHthuLZMH4DxbHuuO3sofKm9juxMC7N35RkXXkgrzTGcxNsrGLsA iOfAby43uqPj6tk3bMG8VDcRbTm3GMu+UcARaPjAjAf9USfsDrP+YVGdTogp+cM= =//3z -----END PGP SIGNATURE-----
- [xmpp] I-D Action: draft-ietf-xmpp-posh-02.txt internet-drafts
- Re: [xmpp] I-D Action: draft-ietf-xmpp-posh-02.txt ⌘ Matt Miller