Re: [xmpp] Questions on POSH (WAS: Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-03.txt]

Florian Jensen <admin@flosoft.biz> Wed, 13 February 2013 22:10 UTC

From: Florian Jensen <admin@flosoft.biz>
In-Reply-To: <511BC1FC.6040202@stpeter.im>
Date: Wed, 13 Feb 2013 22:09:56 +0000
Message-Id: <4C07E5BE-8D07-4036-9068-6C3FD3E77BC1@flosoft.biz>
References: <20130110184432.5134.57184.idtracker@ietfa.amsl.com> <50EF71A4.1050606@stpeter.im> <CACEE+iPix6zGpFDC0KAOyR+33_2wdzPtyiFTDn7di7-T6vZKqw@mail.gmail.com> <BF7E36B9C495A6468E8EC573603ED94115135FCB@xmb-aln-x11.cisco.com> <511BC1FC.6040202@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] Questions on POSH (WAS: Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-03.txt]

Hi,

for 'us webhosts' I believe that DNSSEC is the way forward for secure federation.

It's simple and straightforward for us and customers.

If you want secure federation, get DNSSEC enabled on your domain. Done.

My 2 cents.

Florian


On 13 Feb 2013, at 16:40, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> 
> On 2/13/13 8:45 AM, Matt Miller (mamille2) wrote:
> 
>> If POSH doesn't work for you, then I guess you don't deploy it.
> 
> Exactly. The idea behind DNA is that we have a "framework" for proving
> the validity of a server-to-server connection, with (initially) three
> different prooftypes:
> 
> 1. PKI (RFC 6120 / RFC 6125)
> 
> 2. DNSSEC (draft-miller-xmpp-dnssec-prooftype)
> 
> 3. POSH (draft-miller-xmpp-posh-prooftype)
> 
> Simon / Florian, we'd appreciate your feedback on the whole system
> here. Is one of those prooftypes deployable? Maybe two in some
> circumstances or for some customers? Matt and I added POSH to the mix
> because of difficulties with PKI and DNSSEC in many scenarios. Our
> hope is that, for hosting providers and customers who care about
> having secure s2s connections, at least one of the prooftypes would
> work. If that's not the case, then we might need to think about
> defining additional prooftypes (possibilities include some kind of
> ticket system a la OAuth, TLS with PGP as in RFC 6091, and other
> things that might or might not be easy to implement or deploy either).
> But we'll want to make sure that in any given deployment scenario at
> least one of the prooftypes is a reasonable approach.
> 
> Peter
> 
> -- 
> Peter Saint-Andre
> https://stpeter.im/
> 
> 