IETF Logo Mail Archive

Re: [xmpp] #39: prohibition on TLS renegotiation

Ben Campbell <ben@nostrum.com> Wed, 07 July 2010 15:38 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: xmpp@core3.amsl.com
Delivered-To: xmpp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2A4EA3A67C3 for <xmpp@core3.amsl.com>; Wed, 7 Jul 2010 08:38:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SPF_PASS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JJ352wsapF76 for <xmpp@core3.amsl.com>; Wed, 7 Jul 2010 08:38:18 -0700 (PDT)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by core3.amsl.com (Postfix) with ESMTP id F05D03A6783 for <xmpp@ietf.org>; Wed, 7 Jul 2010 08:38:17 -0700 (PDT)
Received: from dn3-174.estacado.net (vicuna-alt.estacado.net [75.53.54.121]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id o67FcK0D050864 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 7 Jul 2010 10:38:20 -0500 (CDT) (envelope-from ben@nostrum.com)
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset="us-ascii"
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <4C3498DE.4020709@stpeter.im>
Date: Wed, 07 Jul 2010 10:38:19 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <040509B9-025A-4337-A25D-C49D2C0CA9DA@nostrum.com>
References: <057.cd3487385f077266653b25eecf323b0d@tools.ietf.org> <4C27CFDC.4060701@stpeter.im> <87lj9re7r2.fsf@mocca.josefsson.org> <4C335537.6070605@stpeter.im> <4C335FB7.2030806@stpeter.im> <87630r9xks.fsf@mocca.josefsson.org> <12FEB9B4-C775-46F2-BC3A-F4737F165FD9@Isode.com> <87aaq38hdi.fsf@mocca.josefsson.org> <4C3498DE.4020709@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
X-Mailer: Apple Mail (2.1081)
Received-SPF: pass (nostrum.com: 75.53.54.121 is authenticated by a trusted mechanism)
Cc: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>, xmpp@ietf.org
Subject: Re: [xmpp] #39: prohibition on TLS renegotiation
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jul 2010 15:38:19 -0000

On Jul 7, 2010, at 10:10 AM, Peter Saint-Andre wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 7/7/10 9:02 AM, Simon Josefsson wrote:
>> Kurt Zeilenga <Kurt.Zeilenga@Isode.com> writes:
>> 
>>> I personally wouldn't have a problem with just saying "SHOULD NOT do
>>> TLS renegotiation".  That is, I don't see a particular need to detail
>>> how to implement a non-recommended capability.
>> 
>> I also dislike going into details about non-recommended approaches.  I
>> prefer MUST NOT over SHOULD NOT if we cannot think up at least one
>> use-case when the SHOULD NOT recommendation isn't followed.  Especially
>> since if a use case appears for TLS renegotiation, use of it (and what
>> it means for XMPP) can be described in a separate document.
> 
> Further: do we have a use case *now*? If not, why leave the door open?
> As Simon says, we can always write a spec that updates 3920bis with
> recommedations about using TLS renegotiation in XMPP. If we don't need
> it now, I'd stick with MUST NOT.

[as individual]

I concur. Keep it simple an unambiguous.  With out a strong articulable reason to do it, let's not put in a loophole for implementations to do something we'd rather them not do anyway.

v2.23.0 | Report a Bug | By Email