[xmpp] Commonality of proof types

"Richard L. Barnes" <rbarnes@bbn.com> Wed, 28 March 2012 14:12 UTC

Message-ID: <4F731C64.3000209@bbn.com>
Date: Wed, 28 Mar 2012 16:12:52 +0200
From: "Richard L. Barnes" <rbarnes@bbn.com>
To: "xmpp@ietf.org" <xmpp@ietf.org>
Subject: [xmpp] Commonality of proof types

Just musing on what proof types look like...

During the DANE process, Adam Langley proposed a way to serialize 
"DNSSEC chains" [1].  Basically, you write a file with all the DNS 
records you need to chain back from some record to the root.  I wonder 
if this would be a nice format for the .well-known proof type.

For domains that support DNSSEC, at least to the level of having a DS, 
this approach has the advantage of not depending on HTTPS for security.
After all, relying on HTTPS for our proof type is just kicking the can
from a domain where we're not comfortable with hosting providers having 
certs in their clients' names (XMPP) to one where we are (HTTP).

Domains that don't support DNSSEC won't be able to construct a chain all 
the way back to the root, but it seems like we could specify that in 
that case, you just provision the chain as far up as you can (or just 
put in a DANE record), and rely on HTTPS.  At least it provides a smooth 
path forward as more people deploy DNSSEC.

And in any case, there are already open-source encoding and validation 
tools available [2].

Just a thought,
--Richard



[1] <http://tools.ietf.org/html/draft-agl-dane-serializechain-01>
[2] <http://www.imperialviolet.org/2011/06/16/dnssecchrome.html>
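An added example, written for this archive page and not part of Richard's message, the DANE draft or its tooling: the Go program below models the chain such a .well-known proof would carry and, more importantly, the three outcomes a verifier has to keep apart. A chain that reaches the root trust anchor proves the record on DNSSEC alone; a chain that is internally consistent but stops short of the root because some parent publishes no DS is the "provision as far up as you can" case, where the client falls back to HTTPS; and a chain that fails a digest or signature check is rejected outright rather than treated as the fallback case, since otherwise a broken chain would be indistinguishable from an honestly partial one and the DNSSEC check would add nothing. Assumptions: one Ed25519 key per zone (DNSSEC algorithm 15); DS digests computed per RFC 4034 over the real DNSKEY RDATA layout; a simplified signed-message construction standing in for RRSIG; an in-memory Link/Chain structure instead of the draft's byte format; and the zone example., its TXT rdata and all keys are constructed test data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Link is one zone in the chain, leaf first and root last (one Ed25519 key per zone, DNSSEC alg 15).
type Link struct {
	Name string            // zone name with trailing dot; "." is the root
	Key  ed25519.PublicKey // the zone's DNSKEY
	DS   []byte            // DS digest of (Name, Key) published by the parent; nil if it publishes none
	Sig  []byte            // parent's signature over that DS; nil when DS is nil
}

// Chain is the whole proof: the record being proven plus the links vouching for it.
type Chain struct {
	Target    []byte // rdata of the proven record (say a TXT under the leaf zone)
	TargetSig []byte // leaf zone's signature over Target
	Links     []Link
}

type Result string

const (
	Invalid    Result = "invalid"    // a digest or signature check failed: reject, no fallback
	Unanchored Result = "unanchored" // links check out but never reach the trust anchor: rely on HTTPS
	Anchored   Result = "anchored"   // chain reaches the configured trust anchor: DNSSEC alone proves it
)

// wireName renders a name in canonical DNS wire form (RFC 4034 section 6.2).
func wireName(name string) []byte {
	out := []byte{}
	for _, l := range strings.FieldsFunc(strings.ToLower(name), func(r rune) bool { return r == '.' }) {
		out = append(append(out, byte(len(l))), l...)
	}
	return append(out, 0) // terminating root label
}

// dsDigest is the RFC 4034 section 5.1.4 DS digest: SHA-256 (digest type 2) over
// owner name || DNSKEY RDATA, with RDATA = flags 257, protocol 3, algorithm 15, key.
func dsDigest(name string, key ed25519.PublicKey) []byte {
	sum := sha256.Sum256(append(wireName(name), append([]byte{1, 1, 3, 15}, key...)...))
	return sum[:]
}

// signedMsg is a simplified stand-in for RRSIG input (no TTL, expiry or key tag).
func signedMsg(rrtype, owner string, rdata []byte) []byte {
	return append(append([]byte(rrtype+"\x00"), wireName(owner)...), rdata...)
}

// Verify walks the chain from the leaf up; anchor is the trusted DS digest of the root key.
func Verify(c Chain, anchor []byte) Result {
	n := len(c.Links)
	if n == 0 || !ed25519.Verify(c.Links[0].Key, signedMsg("TXT", c.Links[0].Name, c.Target), c.TargetSig) {
		return Invalid // the leaf zone does not sign the record
	}
	for i := 0; i+1 < n; i++ {
		child, parent := c.Links[i], c.Links[i+1]
		if child.DS == nil {
			return Unanchored // no DS in the parent: nothing above can vouch for this key
		}
		if (parent.Name != "." && !strings.HasSuffix(child.Name, "."+parent.Name)) || // parent must be an ancestor
			!bytes.Equal(child.DS, dsDigest(child.Name, child.Key)) ||
			!ed25519.Verify(parent.Key, signedMsg("DS", child.Name, child.DS), child.Sig) {
			return Invalid
		}
	}
	switch top := c.Links[n-1]; {
	case top.Name != ".":
		return Unanchored // provisioned "as far up as you can", short of the root
	case !bytes.Equal(dsDigest(".", top.Key), anchor):
		return Invalid // claims to be the root but is not the key we trust
	}
	return Anchored
}

// BuildSample builds a chain for a TXT record under example. from freshly generated keys
// (constructed test data). With withRoot false the DS and the root link are left out,
// modelling a parent that publishes no DS. The second value is the root trust anchor.
func BuildSample(withRoot bool) (Chain, []byte) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	zonePub, zonePriv, _ := ed25519.GenerateKey(rand.Reader)
	target := []byte("v=xmpp-proof; fp=aabbcc") // hypothetical proof rdata
	links := []Link{{Name: "example.", Key: zonePub}}
	if withRoot {
		links[0].DS = dsDigest("example.", zonePub)
		links[0].Sig = ed25519.Sign(rootPriv, signedMsg("DS", "example.", links[0].DS))
		links = append(links, Link{Name: ".", Key: rootPub})
	}
	sig := ed25519.Sign(zonePriv, signedMsg("TXT", "example.", target))
	return Chain{Target: target, TargetSig: sig, Links: links}, dsDigest(".", rootPub)
}

func main() {
	full, anchor := BuildSample(true)
	partial, _ := BuildSample(false)
	fmt.Println(Verify(full, anchor), Verify(partial, anchor)) // anchored unanchored
}
```

The ancestor check in Verify is the one most easily forgotten: without it, any signed zone that appears in the chain could vouch for any other, so a chain [example., attacker-zone., .] would validate. A real validator would also carry the full DNSKEY RRset per zone, honour RRSIG validity windows and key tags, and take the trust anchor from the operator's root key configuration rather than a value passed in by the caller of the proof.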