Re: [xmpp] Stephen Farrell's No Objection on draft-ietf-xmpp-dna-10: (with COMMENT)

Kim Alvefur <zash@zash.se> Sat, 08 August 2015 16:25 UTC

Message-ID: <55C62D65.8030802@zash.se>
Date: Sat, 08 Aug 2015 18:25:09 +0200
From: Kim Alvefur <zash@zash.se>
To: xmpp@ietf.org
References: <20150805150225.15925.93150.idtracker@ietfa.amsl.com>
In-Reply-To: <20150805150225.15925.93150.idtracker@ietfa.amsl.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/xmpp/YZXxoQP0u5HUee3emI7WzIoJtu4>

Hi,

Just want to reply to these:

On 2015-08-05 17:02, Stephen Farrell wrote:
> - section 3: does nobody ever use mutually authenticated
> TLS for this with XMPP? (Just wondering.)

No, mutual authentication using TLS for client-to-server connections is
used, I believe, in some environments.

> - 3.2: I didn't know that XMPP clients send a user ID in
> cleartext before turning on TLS. Pity that.  Is it ok
> for a client to fake that and then later authenticate as
> a different entity such as "usertwo@a.example"?

I don't think many clients really do that, for privacy concerns.  Our
server implementation doesn't care about the stream 'from' on client
connections, regardless of security and authentication.

-- 
Kim "Zash" Alvefur
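As an added illustration of the server-side behaviour described in the reply (this is example code, not the draft's text nor Kim's server implementation): the opening stream header arrives before STARTTLS and before SASL, so its 'from' attribute is unauthenticated; the server parses it but binds identity only from the SASL authentication identity, and merely logs a mismatch. Function names and the sample header are constructed for this example.

```python
"""Example: never derive a client's identity from the cleartext stream 'from'."""
import xml.parsers.expat
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class StreamHeader:
    from_jid: Optional[str]   # unauthenticated hint sent before TLS/SASL
    to: Optional[str]
    version: Optional[str]


def parse_stream_header(data: bytes) -> StreamHeader:
    """Parse only the opening <stream:stream> tag from a client's first bytes.

    The element is not closed yet at this point, so an incremental expat
    parse (isfinal=False) is used instead of a DOM parser."""
    found = {}

    def start(name, attrs):
        if name == "stream:stream" and not found:
            found.update(attrs)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.Parse(data, False)  # stream stays open; do not require a close tag
    if not found:
        raise ValueError("no <stream:stream> header in input")
    return StreamHeader(found.get("from"), found.get("to"), found.get("version"))


def bound_identity(header: StreamHeader, sasl_authcid: str,
                   domain: str) -> Tuple[str, Optional[str]]:
    """Return (bare JID to bind, log warning or None).

    The JID comes from the SASL authentication identity only. The stream
    'from' is compared just so a disagreement can be logged; it never
    influences which account the session is bound to."""
    jid = f"{sasl_authcid}@{domain}"
    warning = None
    if header.from_jid and header.from_jid.split("/", 1)[0] != jid:
        warning = f"stream 'from' {header.from_jid!r} != authenticated {jid!r}"
    return jid, warning


# Constructed sample: client claims userone before TLS, authenticates as usertwo.
SAMPLE_HEADER = (b"<?xml version='1.0'?><stream:stream from='userone@a.example' "
                 b"to='a.example' version='1.0' xmlns='jabber:client' "
                 b"xmlns:stream='http://etherx.jabber.org/streams'>")

if __name__ == "__main__":
    hdr = parse_stream_header(SAMPLE_HEADER)
    print(bound_identity(hdr, "usertwo", "a.example"))
```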