Re: [xmpp] WGLC of draft-ietf-xmpp-websocket-02

Lance Stout <lance@andyet.net> Fri, 06 June 2014 20:36 UTC

From: Lance Stout <lance@andyet.net>
In-Reply-To: <73438225-60E0-4301-ABD8-7AE8C8C7CDEE@nostrum.com>
Date: Fri, 06 Jun 2014 13:36:00 -0700
Message-Id: <0F867757-72F8-4961-9B0C-476F2987652C@andyet.net>
References: <F8275190-9346-4879-9843-A3DF6C604F8C@nostrum.com> <9372C947-DE5D-4115-B1DD-3E1D216C9D62@nostrum.com> <9D46867E-ADA1-4530-AF23-B43AC6E68B3E@andyet.net> <6322B641-3846-4A62-9BBC-0A8A30F50DE6@nostrum.com> <5384D9E8.5000601@stpeter.im> <6FF542E9-904E-4997-936F-D4C61087179A@nostrum.com> <53921B7C.8080403@stpeter.im> <73438225-60E0-4301-ABD8-7AE8C8C7CDEE@nostrum.com>
To: XMPP Working Group <xmpp@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/xmpp/ganCRzK958s6d1CHIb7vTunW0Rs
Cc: Ben Campbell <ben@nostrum.com>
Subject: Re: [xmpp] WGLC of draft-ietf-xmpp-websocket-02

> Strictly as an individual, I then propose we either remove the mention entirely (my preference), or move it to an "implementation note" so that it cannot be conflated with the normative statement it's currently attached to.
> 
> But I realize that's pretty pedantic, and if the authors are tired of making new versions, I can live with it as is :-)

Not tired. I've removed the offending parenthetical :-)


However, I did amend the Security Considerations based on the prior discussion here, stating that if the XMPP over WebSocket service is provided as an intermediary between the XMPP server and client, then it SHOULD use an encrypted channel between itself and the XMPP server. Likewise, a client would need to use e2e encryption if it truly wants data privacy, as there's no way to prove that the WS intermediary really is using encryption to the XMPP server. (The same considerations apply to BOSH services.)

— Lance
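The server-facing leg described above, as an added illustration that is not part of this thread or of the draft: a hypothetical WebSocket-to-XMPP intermediary inspects the `<stream:features/>` the XMPP server sends (RFC 6120 STARTTLS feature) and refuses to proxy in the clear when no encrypted channel is available. The sample feature documents and the function names are constructed for the example.

```python
"""Upstream TLS policy for a hypothetical XMPP-over-WebSocket intermediary."""
import xml.etree.ElementTree as ET
from typing import Tuple

STREAM_NS = "http://etherx.jabber.org/streams"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed samples of what an XMPP server sends after the stream header.
FEATURES_TLS_REQUIRED = (
    '<stream:features xmlns:stream="http://etherx.jabber.org/streams">'
    '<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls>'
    '</stream:features>'
)
FEATURES_TLS_OPTIONAL = (
    '<stream:features xmlns:stream="http://etherx.jabber.org/streams">'
    '<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>'
    '</stream:features>'
)
FEATURES_NO_TLS = (
    '<stream:features xmlns:stream="http://etherx.jabber.org/streams">'
    '<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">'
    '<mechanism>PLAIN</mechanism></mechanisms>'
    '</stream:features>'
)


def starttls_offered(features_xml: str) -> Tuple[bool, bool]:
    """Return (offered, required) for the STARTTLS feature in a stream:features element."""
    root = ET.fromstring(features_xml)
    if root.tag != "{%s}features" % STREAM_NS:
        raise ValueError("not a stream:features element")
    starttls = root.find("{%s}starttls" % TLS_NS)
    if starttls is None:
        return False, False
    required = starttls.find("{%s}required" % TLS_NS) is not None
    return True, required


def upstream_decision(features_xml: str, require_tls: bool = True) -> str:
    """Policy for the intermediary's connection to the XMPP server.

    Returns "starttls" (negotiate TLS), "abort" (do not proxy in the clear)
    or "plaintext" (only if the operator explicitly relaxed the policy).
    """
    offered, _required = starttls_offered(features_xml)
    if offered:
        return "starttls"  # encrypt the server-facing hop whenever the server allows it
    if require_tls:
        return "abort"  # no encrypted channel available: refuse rather than relay in the clear
    return "plaintext"
```

Note that this only protects the hop between intermediary and server; the client cannot observe this decision, which is why the message above still points to end-to-end encryption for data privacy.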