Re: [xmpp] DNA transport

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 15 January 2010 17:41 UTC

Richard L. Barnes wrote:
> Assuming for the moment that we're going to stick with attribute certs:
> Rather than using both TLS and some new XML to carry DNA information,
> why not just hand the attribute certs over as part of the TLS
> negotiation?  That is, carrying XMPP authorization certs seems like a
> natural application of the TLS authorization extensions [1].  That way,
> implementations can save on the crypto costs (since tls-authz is
> reportedly already implemented in OpenSSL, GNUTLS, and NSS), and
> draft-ietf-xmpp-dna can focus on the AC profile.

Would tls-authz work for the number of ACs that'd be involved here?
I understood that there could be a lot, which could therefore be a
good reason to do DNA at the application layer. Triggering sending
the right ACs at the right time could also be tricky depending on
the interfaces between the TLS library and the application. So I'd
say this is worth checking out, and would be interested if someone
did that, but I'd be a bit surprised if it were the right answer
in the end.

S.



> 
> --Richard
> 
> [1] <http://tools.ietf.org/html/draft-housley-tls-authz-extns-09>