Re: [xmpp] I-D Action: draft-ietf-xmpp-posh-01.txt
Matt Miller <mamille2@cisco.com> Fri, 20 June 2014 03:50 UTC
Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B7021A01CA for <xmpp@ietfa.amsl.com>; Thu, 19 Jun 2014 20:50:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.131
X-Spam-Level:
X-Spam-Status: No, score=-14.131 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9_8dzKUQY0QT for <xmpp@ietfa.amsl.com>; Thu, 19 Jun 2014 20:50:36 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFD9B1A01C8 for <xmpp@ietf.org>; Thu, 19 Jun 2014 20:50:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3524; q=dns/txt; s=iport; t=1403236235; x=1404445835; h=message-id:date:from:mime-version:cc:subject:references: in-reply-to:content-transfer-encoding; bh=L1aC7Au8WgxhgZycmpBA6t6gI3jxOcmVYn8Sn816htQ=; b=P/0WMCPrv+fGcC9BoymlKUkv0EfjBJFVtHc31xftdLBbJ0qO4/VwT/Na H5+V04brADLaglIm+VFXrrAWWR9UVQf2xFc2G7VOZMy+UNgL1BmnN2x3b bJTPn0Q1LN7GDquhYLfTMoJFKbZomihql0UyLuoVja+EPFTYK8yS7Q2Cm g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArsSAD2vo1OtJV2d/2dsb2JhbABPAQmDDVJTB6ocAQEBAQEBBQGZKQElZxZ1g3sIAQEBBHgBEAsYCRYPCQMCAQIBRRMBAwICAQEFhW2CTAgFzDoXhWKIMgYBCgEdMweDBoE9BIoFOpAEgUOSFYNhIoE2OQ
X-IronPort-AV: E=Sophos;i="5.01,511,1400025600"; d="scan'208";a="54600051"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-5.cisco.com with ESMTP; 20 Jun 2014 03:50:27 +0000
Received: from xhc-rcd-x05.cisco.com (xhc-rcd-x05.cisco.com [173.37.183.79]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id s5K3oRWs011292 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <xmpp@ietf.org>; Fri, 20 Jun 2014 03:50:27 GMT
Received: from MAMILLE2-M-T03K.CISCO.COM (10.89.15.187) by xhc-rcd-x05.cisco.com (173.37.183.79) with Microsoft SMTP Server (TLS) id 14.3.123.3; Thu, 19 Jun 2014 22:50:26 -0500
Message-ID: <53A3AF81.5010102@cisco.com>
Date: Thu, 19 Jun 2014 21:50:25 -0600
From: Matt Miller <mamille2@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
CC: xmpp@ietf.org
References: <20140620034038.16277.78785.idtracker@ietfa.amsl.com>
In-Reply-To: <20140620034038.16277.78785.idtracker@ietfa.amsl.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.89.15.187]
Archived-At: http://mailarchive.ietf.org/arch/msg/xmpp/Jsfc5g2p9Oq9eaHPyKYqv4qT9TQ
Subject: Re: [xmpp] I-D Action: draft-ietf-xmpp-posh-01.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jun 2014 03:50:38 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 6/19/14, 9:40 PM, internet-drafts@ietf.org wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. This draft is a work item of the Extensible Messaging > and Presence Protocol Working Group of the IETF. > > Title : PKIX over Secure HTTP (POSH) Authors : > Matthew Miller Peter Saint-Andre Filename : > draft-ietf-xmpp-posh-01.txt Pages : 14 Date : > 2014-06-19 > > Abstract: Experience has shown that it is extremely difficult to > deploy proper PKIX certificates for TLS in multi-tenanted > environments, since certification authorities will not issue > certificates for hosted domains to hosting services, hosted domains > do not want hosting services to hold their private keys, and > hosting services wish to avoid liability for holding those keys. > As a result, domains hosted in multi-tenanted environments often > deploy non-HTTP applications such as email and instant messaging > using certificates that identify the hosting service, not the > hosted domain. Such deployments force end users and peer services > to accept a certificate with an improper identifier, resulting in > obvious security implications. This document defines two methods > that make it easier to deploy certificates for proper server > identity checking in non-HTTP application protocols. The first > method enables the TLS client associated with a user agent or peer > application server to obtain the end-entity certificate of a hosted > domain over secure HTTP as an alternative to standard PKIX > techniques. The second method enables a hosted domain to securely > delegate a non-HTTP application to a hosting service using > redirects provided by HTTPS itself or by a pointer in a file served > over HTTPS at the hosted domain. While this approach was developed > for use in the Extensible Messaging and Presence Protocol (XMPP) as > a Domain Name Association prooftype, it can be applied to any > non-HTTP application protocol. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-xmpp-posh/ > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-ietf-xmpp-posh-01 > > A diff from the previous version is available at: > http://www.ietf.org/rfcdiff?url2=draft-ietf-xmpp-posh-01 > > > Please note that it may take a couple of minutes from the time of > submission until the htmlized version and diff are available at > tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > This revision changes the "by value" document from JWK-set to the fingerprints expressed in a previous email. - -- - - m&m Matt Miller < mamille2@cisco.com > Cisco Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCgAGBQJTo6+BAAoJEDWi+S0W7cO1aY4H/1r68xg0dZe66Rs1CpkZzWZF OU+R9rwGJcJF7MzZiDeZVHXV/gP/3eBVeOIozstddQn6j1Re7YyOVULisq+vC6+z na8Gqa7W4LyqAE3ppp9rrzSGLNAZVKNIMUn7Wfhtl+ZwgPGWlFmCQsGaTijwjUln DBzur4rbDpRZNkoyBk9qOMQHhxaJfdgHKpz2vMNgKxILSVgTo9MuuvgSSAXGK9gO 2hwxsBs8dwFYUKvIWVyfIK1tQg9pNAWZFJ9E91Ra4yAMBR1+7L3dnx2cDVpxISWw +9QeTArWVLRPJpZ+Gk4JE8zdkWGYs5pwR/LT9g1fu+/nt+eGOzvkyf8jcaWWgR0= =FRbW -----END PGP SIGNATURE-----
- [xmpp] I-D Action: draft-ietf-xmpp-posh-01.txt internet-drafts
- Re: [xmpp] I-D Action: draft-ietf-xmpp-posh-01.txt Matt Miller