Re: [xmpp] Questions on POSH (WAS: Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-03.txt]
Peter Saint-Andre <stpeter@stpeter.im> Wed, 13 February 2013 16:40 UTC

On 2/13/13 8:45 AM, Matt Miller (mamille2) wrote:
> If POSH doesn't work for you, then I guess you don't deploy it.

Exactly. The idea behind DNA is that we have a "framework" for proving the validity of a server-to-server connection, with (initially) three different prooftypes:

1. PKI (RFC 6120 / RFC 6125)
2. DNSSEC (draft-miller-xmpp-dnssec-prooftype)
3. POSH (draft-miller-xmpp-posh-prooftype)

Simon / Florian, we'd appreciate your feedback on the whole system here. Is one of those prooftypes deployable? Maybe two in some circumstances or for some customers?

Matt and I added POSH to the mix because of difficulties with PKI and DNSSEC in many scenarios. Our hope is that, for hosting providers and customers who care about having secure s2s connections, at least one of the prooftypes would work. If that's not the case, then we might need to think about defining additional prooftypes (possibilities include some kind of ticket system a la OAuth, TLS with PGP as in RFC 6091, and other things that might or might not be easy to implement or deploy either). But we'll want to make sure that in any given deployment scenario at least one of the prooftypes is a reasonable approach.

Peter

--
Peter Saint-Andre
https://stpeter.im/