[xmpp] AD Evaluation of draft-ietf-xmpp-dna-10

"Ben Campbell" <ben@nostrum.com> Wed, 24 June 2015 20:17 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id CBA381B2DAC for <xmpp@ietfa.amsl.com>; Wed, 24 Jun 2015 13:17:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id hrVxuRemvGCT for <xmpp@ietfa.amsl.com>; Wed, 24 Jun 2015 13:17:04 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35A301B2DB0 for <xmpp@ietf.org>; Wed, 24 Jun 2015 13:17:01 -0700 (PDT)
Received: from [] (cpe-70-119-203-4.tx.res.rr.com []) (authenticated bits=0) by nostrum.com (8.15.1/8.14.9) with ESMTPSA id t5OKGnLV095333 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 24 Jun 2015 15:17:00 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-119-203-4.tx.res.rr.com [] claimed to be []
From: "Ben Campbell" <ben@nostrum.com>
To: draft-ietf-xmpp-dna.all@tools.ietf.org, "XMPP Working Group" <xmpp@ietf.org>
Date: Wed, 24 Jun 2015 15:16:49 -0500
Message-ID: <AAD102C6-53B3-440D-B265-83F8E726BB5D@nostrum.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.1r5084)
Archived-At: <http://mailarchive.ietf.org/arch/msg/xmpp/L9clSz4BUZq3cm_DBsCXeRGbR3E>
Subject: [xmpp] AD Evaluation of draft-ietf-xmpp-dna-10
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jun 2015 20:17:06 -0000


Here is my AD Evaluation of draft-ietf-xmpp-dna-10. I have a few minor 
comments, but nothing that needs to delay the last call.



-- Section 4.1:

Does the "(Section 4.3: No Mutual PKIX authentication)" belong where it 
is, or before the first dialback assertion?

-- 4.3, step 6:

Do I understand correctly that this step involves A sending a valid and 
trusted server cert, when it was previously unable to send a valid and 
trusted client cert? Is that a reasonable assumption? Whether yes or no, 
does it deserve a mention in the text? (It's likely I am missing 
something that should be obvious.)

-- step 7:

The reference to xep-0344 is informative. Should it be normative? If 
not, then perhaps a stronger mention of skipping subsequent steps should 
be included here? (it’s only mentioned in terms of the reference.)

-- 4.4.1, steps 3 and later:

The text says that A sends an initial stream header to B. Should that be 
considered B or C for the rest of the flow? I guess in the example, 
B==C, but is that required? (perhaps B and C coordinate dialback keys?) 
Maybe it doesn't matter from A's perspective.