Re: [xmpp] Fwd: New Version Notification for draft-saintandre-xmpp-tls-04.txt
Dave Cridland <dave@cridland.net> Mon, 27 January 2014 17:39 UTC
Return-Path: <dave@cridland.net>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CD261A0256 for <xmpp@ietfa.amsl.com>; Mon, 27 Jan 2014 09:39:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N00j7_uDXHpf for <xmpp@ietfa.amsl.com>; Mon, 27 Jan 2014 09:39:34 -0800 (PST)
Received: from mail-oa0-x230.google.com (mail-oa0-x230.google.com [IPv6:2607:f8b0:4003:c02::230]) by ietfa.amsl.com (Postfix) with ESMTP id EFFD61A0153 for <xmpp@ietf.org>; Mon, 27 Jan 2014 09:39:33 -0800 (PST)
Received: by mail-oa0-f48.google.com with SMTP id l6so7067375oag.35 for <xmpp@ietf.org>; Mon, 27 Jan 2014 09:39:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cridland.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=yKmQ/q93g19kqq1pMnevtac2q73VRQECG5hTGnTG2S0=; b=NqhBgG0Ker029qamOdLdvKtlfQRZLgq2UNq41/r3piWo8Q1U90k1Q0xIerWDs9Bk03 fR4QkFjN24yTx0EVFpZwcjbQqXxzOL/yUdIZpUimhqhyvFwGxIlSxI6Q5VdWSQOMSHTx Y79yrJX5PBCmbTK7dT8trwfnZu1PC9HhU7CUM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=yKmQ/q93g19kqq1pMnevtac2q73VRQECG5hTGnTG2S0=; b=HoTjuc4++YzwkojrK9Mj0ktChWFugG87U1uIhVZ3CYo70sDnIBKvNJ50lFClApyeau 8uT/JaOXlAHjtTz8D8MsCyUQ0LpWevFfgmukXuYHKX9PC46jEw+zoYXqm9C6F9YCqgJn HCicpkUd1A69H4syWXCqAacBhrBPvMH53+E1uQyhbOm/idFMAgT1+S5ysnuCR0n5lpAd fQqxsWUc+lyJVlxLvFA0SX4YuUsoDy+fBhlzblP3LlJOhMS5r3FPCgsYEzFjusl0G2zG 1aPBxRSW6FlSqoqcY3j03K7AWCOdAFgxWhjzqK1W7AhWh7bnvRe1r0gUoTscwO3LfzsR taGg==
X-Gm-Message-State: ALoCoQlE8CTW1sUFtceDvgr7vDn9YeJ2ikq6JZmTa+dAScqttun/FXgeLk6rbeCeMj0ughN8kYh5
MIME-Version: 1.0
X-Received: by 10.182.103.133 with SMTP id fw5mr2556067obb.43.1390844371485; Mon, 27 Jan 2014 09:39:31 -0800 (PST)
Received: by 10.60.55.138 with HTTP; Mon, 27 Jan 2014 09:39:31 -0800 (PST)
In-Reply-To: <52E1CA26.5000901@stpeter.im>
References: <20140123212619.17519.66257.idtracker@ietfa.amsl.com> <52E1CA26.5000901@stpeter.im>
Date: Mon, 27 Jan 2014 17:39:31 +0000
Message-ID: <CAKHUCzynCH+dpy-KYufv8z5Lgg4rW-nB-rv5kXqhABxwTtzNeg@mail.gmail.com>
From: Dave Cridland <dave@cridland.net>
To: Peter Saint-Andre <stpeter@stpeter.im>
Content-Type: multipart/alternative; boundary="089e01184702b4c20704f0f73052"
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] Fwd: New Version Notification for draft-saintandre-xmpp-tls-04.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2014 17:39:36 -0000
I read through this (or rather, read through the diff2). Two points: 1) I noticed you've changed SSLv3 and TLSv1.0 from SHOULD NOT to MAY. I don't think we really want to be suggesting that SSLv3 in particular is a neutral decision; I think, though, that offering it as a server is reasonable. Is it worth splitting the requirement levels between initiator and receiver, something like: XMPP implementations MAY offer SSLv3 in the receiving role, however SHOULD NOT negotiate it in the initiating role, preferring later versions. I'm not so sure about the TLSv1.0 levels, I'll defer to more cryptographically minded folk on that one. 2) For Security Considerations: It's trivial for an attacker to observe data between two servers, and given the lack of obfuscation, it'd be fairly trivial to handle stanza counts. If all the hops are under scrutiny, then it's fairly easy to observe the stanzas on each hop and establish who is talking to whom. If you'd like some "proper RFC" text for this I can think on it (but I'm travelling shortly as you know). On Fri, Jan 24, 2014 at 2:04 AM, Peter Saint-Andre <stpeter@stpeter.im>wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I added a bit to the security considerations... > > > - -------- Original Message -------- > Subject: New Version Notification for draft-saintandre-xmpp-tls-04.txt > Date: Thu, 23 Jan 2014 13:26:19 -0800 > From: internet-drafts@ietf.org > To: Peter Saint-Andre <ietf@stpeter.im>, Peter Saint-Andre > <ietf@stpeter.im> > > > A new version of I-D, draft-saintandre-xmpp-tls-04.txt > has been successfully submitted by Peter Saint-Andre and posted to the > IETF repository. > > Name: draft-saintandre-xmpp-tls > Revision: 04 > Title: Use of Transport Layer Security (TLS) in the Extensible > Messaging and Presence Protocol (XMPP) > Document date: 2014-01-23 > Group: Individual Submission > Pages: 10 > URL: > http://www.ietf.org/internet-drafts/draft-saintandre-xmpp-tls-04.txt > Status: > https://datatracker.ietf.org/doc/draft-saintandre-xmpp-tls/ > Htmlized: http://tools.ietf.org/html/draft-saintandre-xmpp-tls-04 > Diff: > http://www.ietf.org/rfcdiff?url2=draft-saintandre-xmpp-tls-04 > > Abstract: > This document provides recommendations for the use of Transport Layer > Security (TLS) in the Extensible Messaging and Presence Protocol > (XMPP). This document updates RFC 6120. > > > > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBAgAGBQJS4colAAoJEOoGpJErxa2pfKoP/As9w5Jl/R0usCA7u69hKJKw > Ct8E3LL0HHz3kMLKKPlTrL7+qCqNXK2yKI5yfRbcBeg/0D2cUOtnNwhZPO+rFzWH > K3q3A6zf/o+tLvw8ISPFDsrd1eXESNDBA620tieVEbJyT016+TuEHq/do9UDNnfW > usyfPxutvFjI9hCgMNsR8FvIfFsiuKDUNxfGx+x6n4twIUSK5VRJlF4kbMVdATzz > eypsFBTk+Y7WCRowPguUvqMURvoGiL3pqAXF5+DxzwobGlbpQh0kZlV+oiYHPksb > d5uc1BYltcqbrC/vOoHOvA8sa7B49ZceqqcFYtb1NnTSlWzf+QPQi4FU2nRVK0zL > 8SfJcX3ISeg4NJJBnJtiR1+wdkk8LduIqUfIcFoG03c/UBgARs8ukmgNMUqEI1bH > dLQiYTdhD0MfQ2OmDcxaIpK56TNdn14aXG5nPCTd3ogA3Yx9IyxsA9fUF/nmvYkN > cgszi2bG392S8AcAefXvu0QRg2wj38o8jQrE0yKfWjCKflIlbwOmnZ0pteFSFFpO > XdUTZs0t3p9emcehoSZgX2KjigtI6PzH+cMl4vR2WLjtydz1bpDz0hltHGBTBEdb > BoxTWqCTtcImKBhymrcnkgrFWl6RH74C4iMpxawUL7fSh7woJ9prsuQ5MVAs6r0z > OWh3sy4JLxSXXztvVE9C > =BwqQ > -----END PGP SIGNATURE----- > _______________________________________________ > xmpp mailing list > xmpp@ietf.org > https://www.ietf.org/mailman/listinfo/xmpp >
- [xmpp] Fwd: New Version Notification for draft-sa… Peter Saint-Andre
- Re: [xmpp] Fwd: New Version Notification for draf… Dave Cridland