[xmpp] Last Call: <draft-ietf-xmpp-posh-04.txt> (PKIX over Secure HTTP (POSH)) to Proposed Standard

The IESG <iesg-secretary@ietf.org> Wed, 24 June 2015 21:00 UTC

To: IETF-Announce <ietf-announce@ietf.org>
Cc: xmpp@ietf.org
Reply-To: ietf@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/xmpp/Iw-kfw6SkuEYIHLkgpujhiwRX1I>

The IESG has received a request from the Extensible Messaging and
Presence Protocol WG (xmpp) to consider the following document:
- 'PKIX over Secure HTTP (POSH)'
  <draft-ietf-xmpp-posh-04.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-07-08. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.


   Experience has shown that it is extremely difficult to deploy proper
   PKIX certificates for TLS in multi-tenanted environments.  As a
   result, domains hosted in such environments often deploy applications
   using certificates that identify the hosting service, not the hosted
   domain.  Such deployments force end users and peer services to accept
   a certificate with an improper identifier, resulting in obvious
   security implications.  This document defines two methods that make
   it easier to deploy certificates for proper server identity checking
   in non-HTTP application protocols.  While these methods were developed for
   use in the Extensible Messaging and Presence Protocol (XMPP) as a
   Domain Name Association (DNA) prooftype, they might also be usable in
   other non-HTTP application protocols.

The file can be obtained via

IESG discussion can be tracked via

No IPR declarations have been submitted directly on this I-D.