Re: [xmpp] I-D Action: draft-ietf-xmpp-posh-01.txt

Matt Miller <mamille2@cisco.com> Fri, 20 June 2014 03:50 UTC

Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B7021A01CA for <xmpp@ietfa.amsl.com>; Thu, 19 Jun 2014 20:50:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.131
X-Spam-Level:
X-Spam-Status: No, score=-14.131 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9_8dzKUQY0QT for <xmpp@ietfa.amsl.com>; Thu, 19 Jun 2014 20:50:36 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFD9B1A01C8 for <xmpp@ietf.org>; Thu, 19 Jun 2014 20:50:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3524; q=dns/txt; s=iport; t=1403236235; x=1404445835; h=message-id:date:from:mime-version:cc:subject:references: in-reply-to:content-transfer-encoding; bh=L1aC7Au8WgxhgZycmpBA6t6gI3jxOcmVYn8Sn816htQ=; b=P/0WMCPrv+fGcC9BoymlKUkv0EfjBJFVtHc31xftdLBbJ0qO4/VwT/Na H5+V04brADLaglIm+VFXrrAWWR9UVQf2xFc2G7VOZMy+UNgL1BmnN2x3b bJTPn0Q1LN7GDquhYLfTMoJFKbZomihql0UyLuoVja+EPFTYK8yS7Q2Cm g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArsSAD2vo1OtJV2d/2dsb2JhbABPAQmDDVJTB6ocAQEBAQEBBQGZKQElZxZ1g3sIAQEBBHgBEAsYCRYPCQMCAQIBRRMBAwICAQEFhW2CTAgFzDoXhWKIMgYBCgEdMweDBoE9BIoFOpAEgUOSFYNhIoE2OQ
X-IronPort-AV: E=Sophos;i="5.01,511,1400025600"; d="scan'208";a="54600051"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-5.cisco.com with ESMTP; 20 Jun 2014 03:50:27 +0000
Received: from xhc-rcd-x05.cisco.com (xhc-rcd-x05.cisco.com [173.37.183.79]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id s5K3oRWs011292 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <xmpp@ietf.org>; Fri, 20 Jun 2014 03:50:27 GMT
Received: from MAMILLE2-M-T03K.CISCO.COM (10.89.15.187) by xhc-rcd-x05.cisco.com (173.37.183.79) with Microsoft SMTP Server (TLS) id 14.3.123.3; Thu, 19 Jun 2014 22:50:26 -0500
Message-ID: <53A3AF81.5010102@cisco.com>
Date: Thu, 19 Jun 2014 21:50:25 -0600
From: Matt Miller <mamille2@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
CC: <xmpp@ietf.org>
References: <20140620034038.16277.78785.idtracker@ietfa.amsl.com>
In-Reply-To: <20140620034038.16277.78785.idtracker@ietfa.amsl.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.89.15.187]
Archived-At: http://mailarchive.ietf.org/arch/msg/xmpp/Jsfc5g2p9Oq9eaHPyKYqv4qT9TQ
Subject: Re: [xmpp] I-D Action: draft-ietf-xmpp-posh-01.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jun 2014 03:50:38 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 6/19/14, 9:40 PM, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This draft is a work item of the Extensible Messaging
> and Presence Protocol Working Group of the IETF.
> 
> Title           : PKIX over Secure HTTP (POSH) Authors         :
> Matthew Miller Peter Saint-Andre Filename        :
> draft-ietf-xmpp-posh-01.txt Pages           : 14 Date            :
> 2014-06-19
> 
> Abstract: Experience has shown that it is extremely difficult to
> deploy proper PKIX certificates for TLS in multi-tenanted
> environments, since certification authorities will not issue
> certificates for hosted domains to hosting services, hosted domains
> do not want hosting services to hold their private keys, and
> hosting services wish to avoid liability for holding those keys.
> As a result, domains hosted in multi-tenanted environments often
> deploy non-HTTP applications such as email and instant messaging
> using certificates that identify the hosting service, not the
> hosted domain.  Such deployments force end users and peer services
> to accept a certificate with an improper identifier, resulting in
> obvious security implications.  This document defines two methods
> that make it easier to deploy certificates for proper server
> identity checking in non-HTTP application protocols.  The first
> method enables the TLS client associated with a user agent or peer
> application server to obtain the end-entity certificate of a hosted
> domain over secure HTTP as an alternative to standard PKIX
> techniques.  The second method enables a hosted domain to securely
> delegate a non-HTTP application to a hosting service using
> redirects provided by HTTPS itself or by a pointer in a file served
> over HTTPS at the hosted domain.  While this approach was developed
> for use in the Extensible Messaging and Presence Protocol (XMPP) as
> a Domain Name Association prooftype, it can be applied to any
> non-HTTP application protocol.
> 
> 
> The IETF datatracker status page for this draft is: 
> https://datatracker.ietf.org/doc/draft-ietf-xmpp-posh/
> 
> There's also a htmlized version available at: 
> http://tools.ietf.org/html/draft-ietf-xmpp-posh-01
> 
> A diff from the previous version is available at: 
> http://www.ietf.org/rfcdiff?url2=draft-ietf-xmpp-posh-01
> 
> 
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at: 
> ftp://ftp.ietf.org/internet-drafts/
> 

This revision changes the "by value" document from JWK-set to the
fingerprints expressed in a previous email.


- -- 
- - m&m

Matt Miller < mamille2@cisco.com >
Cisco Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCgAGBQJTo6+BAAoJEDWi+S0W7cO1aY4H/1r68xg0dZe66Rs1CpkZzWZF
OU+R9rwGJcJF7MzZiDeZVHXV/gP/3eBVeOIozstddQn6j1Re7YyOVULisq+vC6+z
na8Gqa7W4LyqAE3ppp9rrzSGLNAZVKNIMUn7Wfhtl+ZwgPGWlFmCQsGaTijwjUln
DBzur4rbDpRZNkoyBk9qOMQHhxaJfdgHKpz2vMNgKxILSVgTo9MuuvgSSAXGK9gO
2hwxsBs8dwFYUKvIWVyfIK1tQg9pNAWZFJ9E91Ra4yAMBR1+7L3dnx2cDVpxISWw
+9QeTArWVLRPJpZ+Gk4JE8zdkWGYs5pwR/LT9g1fu+/nt+eGOzvkyf8jcaWWgR0=
=FRbW
-----END PGP SIGNATURE-----