[xmpp] Fwd: [dane] DANE XMPP s2s implementation
Kim Alvefur <zash@zash.se> Mon, 10 March 2014 14:51 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/xmpp/Mj_mtxs4-TJYYQcyWFFapyIKspM
Also relevant here.

-------- Original Message --------
Subject: [dane] DANE XMPP s2s implementation
Date: Mon, 10 Mar 2014 15:50:17 +0100
From: Kim Alvefur <zash@zash.se>
To: DANE WG <dane@ietf.org>

Hi,

Everyone back (and recovered) from IETF89? Much interesting, such people, very discussions, wow.

So I have an experimental DANE implementation for server-to-server connections in the Prosody XMPP server. It's currently only doing DANE-EE and PKIX-EE. The TA variants are trickier, especially DANE-TA, so I have left them out for now. LuaSec, the OpenSSL to Lua binding we use, doesn't currently expose anything for validating some random chain.

It also includes an attempt at doing something for authenticating the client certificate on incoming connections, by looking for a TLSA record at the same name as for SRV, eg _xmpp-server._tcp.example.com. Comments about this would be appreciated.

Info: http://code.google.com/p/prosody-modules/wiki/mod_s2s_auth_dane
Code: http://code.google.com/p/prosody-modules/source/browse/mod_s2s_auth_dane/mod_s2s_auth_dane.lua

--
Regards,
Kim "Zash" Alvefur
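
The end-entity TLSA check described in the message above, sketched in Python as an added example; it is not part of the original post and not the Prosody module's code. All function names are hypothetical, the caller is assumed to supply the peer certificate DER, its SubjectPublicKeyInfo DER, the DNSSEC status of the answer and the ordinary PKIX result, and the sample bytes are constructed placeholders rather than real DER.

```python
import hashlib
import hmac

# TLSA certificate usages (RFC 6698 values, RFC 7218 names)
PKIX_TA, PKIX_EE, DANE_TA, DANE_EE = 0, 1, 2, 3

def tlsa_owner(domain):
    """Name queried for incoming s2s connections: same owner as the SRV record."""
    return "_xmpp-server._tcp." + domain.rstrip(".").lower()

def record_matches(rr, cert_der, spki_der):
    """Compare one (usage, selector, mtype, data) record with the peer certificate."""
    _usage, selector, mtype, data = rr
    # Selector 0 covers the full certificate, 1 only the SubjectPublicKeyInfo.
    blob = {0: cert_der, 1: spki_der}.get(selector)
    if blob is None:
        return False
    if mtype == 0:        # exact match on the selected bytes
        got = blob
    elif mtype == 1:      # SHA-256 of the selected bytes
        got = hashlib.sha256(blob).digest()
    elif mtype == 2:      # SHA-512 of the selected bytes
        got = hashlib.sha512(blob).digest()
    else:
        return False      # unknown matching type: record is unusable
    return hmac.compare_digest(got, data)

def authenticate(rrset, dnssec_secure, pkix_ok, cert_der, spki_der):
    """Return the usage that authenticated the peer, or None if nothing did."""
    if not dnssec_secure:
        return None       # TLSA data is only trustworthy when DNSSEC-validated
    for rr in rrset:
        usage = rr[0]
        if usage not in (PKIX_EE, DANE_EE):
            continue      # TA usages need chain building, left out as in the post
        if not record_matches(rr, cert_der, spki_der):
            continue
        # DANE-EE stands on its own; PKIX-EE additionally needs a valid PKIX path.
        if usage == DANE_EE or pkix_ok:
            return usage
    return None

# Constructed placeholder inputs (not real DER), for demonstration only.
CERT = b"constructed-certificate-der"
SPKI = b"constructed-subject-public-key-info"
SAMPLE_RRSET = [
    (DANE_TA, 0, 1, hashlib.sha256(CERT).digest()),   # skipped: TA usage
    (PKIX_EE, 0, 2, hashlib.sha512(CERT).digest()),   # needs pkix_ok
    (DANE_EE, 1, 1, hashlib.sha256(SPKI).digest()),   # pins the public key
]
```

With `SAMPLE_RRSET`, a peer whose PKIX validation fails is still authenticated through the DANE-EE record, while the same records fetched without DNSSEC authenticate nothing.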