Re: [xmpp] DNA transport

Jonas Lindberg <jonasl@google.com> Sat, 16 January 2010 22:23 UTC

In-Reply-To: <30081.1263596632.641431@puncture>
References: <2170B6E1-79CA-4F85-A1D2-4564B8806984@BBN.COM> <30081.1263596632.641431@puncture>
From: Jonas Lindberg <jonasl@google.com>
Date: Sat, 16 Jan 2010 23:23:07 +0100
Message-ID: <a74e91db1001161423v6ee1c26asbc7a4b45cf1dd9ff@mail.gmail.com>
To: Dave Cridland <dave@cridland.net>
Cc: "Richard L. Barnes" <RBARNES@bbn.com>, XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] DNA transport

Good points. Definitely need the ability to add new domains during a stream,
and most likely don't want the overhead of passing credentials for all
domains that may be used during stream setup. Number of domains could be
large for a big hosting provider.

Jonas

On Sat, Jan 16, 2010 at 12:03 AM, Dave Cridland <dave@cridland.net> wrote:

> On Fri Jan 15 17:31:13 2010, Richard L. Barnes wrote:
>
>> Assuming for the moment that we're going to stick with attribute certs:
>> Rather than using both TLS and some new XML to carry DNA information, why
>> not just hand the attribute certs over as part of the TLS negotiation?
>> That is, carrying XMPP authorization certs seems like a natural
>> application of the TLS authorization extensions [1]. That way,
>> implementations can save on the crypto costs (since tls-authz is reportedly
>> already implemented in OpenSSL, GNUTLS, and NSS), and draft-ietf-xmpp-dna
>> can focus on the AC profile.
>>
>
> Can't - XMPP needs to dynamically add multiple domain credentials on the
> fly during a stream, so I think we'd need to either have a new TLS record
> type, or else carry them in the application protocol.
>
> Carrying them in the application protocol also means we're channel
> independent.
>
> And don't have to wait on the TLS guys quite so long.
>
> Dave.
> --
> Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net
>  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
>  - http://dave.cridland.net/
> Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
>
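The trade-off the thread is weighing (every hosted domain's credential handed over at TLS setup, versus asserting a domain inside the stream the first time it is used) can be made concrete with a small model. The following Python is an added illustration, not code from the draft, from OpenSSL/GnuTLS/NSS, or from any participant. The assertion format is a stand-in: an HMAC tag over the domain name and a channel-binding value replaces the signed attribute certificate, the per-domain keys and the "trusted keys" table replace the AC trust anchor, and the channel-binding bytes stand in for a value such as TLS tls-unique (RFC 5929). The `HostingProvider`, `PeerVerifier`, `assert_all_at_setup`, `assert_on_first_use` and `demo` names are all hypothetical, and the 1000-domain fixture is constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _mac(key: bytes, domain: str, channel_binding: bytes) -> bytes:
    # The HMAC tag stands in for the signature on an attribute certificate.
    # Mixing the channel-binding value in is what stops an assertion minted
    # for one stream from being replayed onto another.
    return hmac.new(key, domain.encode() + b"\0" + channel_binding, hashlib.sha256).digest()


@dataclass
class HostingProvider:
    """Hypothetical server hosting many domains, one key per domain (stand-in for one AC each)."""
    domain_keys: dict[str, bytes]

    def assertion(self, domain: str, channel_binding: bytes) -> tuple[str, bytes]:
        if domain not in self.domain_keys:
            raise PermissionError(f"not hosted here: {domain}")
        return domain, _mac(self.domain_keys[domain], domain, channel_binding)


@dataclass
class PeerVerifier:
    """Hypothetical receiving server: tracks which domains this stream is authorized for."""
    trusted_keys: dict[str, bytes]      # stand-in for the trust anchor that would validate the AC
    channel_binding: bytes              # stand-in for a TLS channel-binding value (e.g. tls-unique)
    authorized: set[str] = field(default_factory=set)
    checks: int = 0                     # how many credential verifications this stream has cost

    def accept(self, assertion: tuple[str, bytes]) -> bool:
        domain, tag = assertion
        self.checks += 1
        key = self.trusted_keys.get(domain)
        if key is None:
            return False
        if not hmac.compare_digest(_mac(key, domain, self.channel_binding), tag):
            return False
        self.authorized.add(domain)
        return True


def assert_all_at_setup(provider: HostingProvider, verifier: PeerVerifier) -> int:
    """Option A: hand over every hosted domain's credential at TLS/stream setup.
    Cost grows with the number of domains hosted, whether or not the stream uses them."""
    for domain in provider.domain_keys:
        verifier.accept(provider.assertion(domain, verifier.channel_binding))
    return verifier.checks


def assert_on_first_use(provider: HostingProvider, verifier: PeerVerifier, stanza_domains) -> int:
    """Option B: assert a domain inside the stream the first time a stanza from it appears.
    Cost grows with the number of distinct domains actually used on this stream."""
    for domain in stanza_domains:
        if domain in verifier.authorized:
            continue
        if not verifier.accept(provider.assertion(domain, verifier.channel_binding)):
            raise PermissionError(f"stream not authorized for {domain}")
    return verifier.checks


def demo(hosted: int = 1000, used=("d1.example", "d7.example", "d1.example")) -> dict:
    # Constructed fixture: a provider hosting `hosted` domains; the peer trusts all of them.
    keys = {f"d{i}.example": os.urandom(32) for i in range(hosted)}
    provider = HostingProvider(keys)
    binding = os.urandom(12)

    upfront = assert_all_at_setup(provider, PeerVerifier(dict(keys), binding))

    lazy_verifier = PeerVerifier(dict(keys), binding)
    lazy = assert_on_first_use(provider, lazy_verifier, used)

    # Replay check: an assertion minted for this stream must fail on a stream
    # with a different channel-binding value.
    other_stream = PeerVerifier(dict(keys), os.urandom(12))
    replayed = other_stream.accept(provider.assertion("d1.example", binding))

    return {
        "upfront_checks": upfront,
        "lazy_checks": lazy,
        "lazy_authorized": sorted(lazy_verifier.authorized),
        "replay_accepted": replayed,
    }


if __name__ == "__main__":
    print(demo())
```

With the constructed fixture the up-front option verifies 1000 credentials for a stream that only ever uses two domains, while the in-stream option verifies two and leaves the rest of the hosted domains untouched until a stanza from one of them appears; the replay check shows why whatever carries the assertion, TLS extension or application XML, needs to bind it to the specific channel.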