IETF Logo Mail Archive

Re: [xmpp] #39: prohibition on TLS renegotiation

Kurt Zeilenga <Kurt.Zeilenga@Isode.com> Wed, 07 July 2010 17:54 UTC

Return-Path: <Kurt.Zeilenga@Isode.com>
X-Original-To: xmpp@core3.amsl.com
Delivered-To: xmpp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E5EF73A68A3 for <xmpp@core3.amsl.com>; Wed, 7 Jul 2010 10:54:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.384
X-Spam-Level:
X-Spam-Status: No, score=-2.384 tagged_above=-999 required=5 tests=[AWL=0.215, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FBfbrjBgedJn for <xmpp@core3.amsl.com>; Wed, 7 Jul 2010 10:54:23 -0700 (PDT)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id 117953A68C5 for <xmpp@ietf.org>; Wed, 7 Jul 2010 10:54:23 -0700 (PDT)
Received: from [192.168.1.102] ((unknown) [75.141.233.128]) by rufus.isode.com (submission channel) via TCP with ESMTPSA id <TDS=TwB1H5y=@rufus.isode.com>; Wed, 7 Jul 2010 18:54:24 +0100
X-SMTP-Protocol-Errors: NORDNS
From: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
In-Reply-To: <4C3498DE.4020709@stpeter.im>
Date: Wed, 07 Jul 2010 10:54:21 -0700
Message-Id: <59381091-C8D6-4DDD-A3C7-CA60F2137371@Isode.com>
References: <057.cd3487385f077266653b25eecf323b0d@tools.ietf.org> <4C27CFDC.4060701@stpeter.im> <87lj9re7r2.fsf@mocca.josefsson.org> <4C335537.6070605@stpeter.im> <4C335FB7.2030806@stpeter.im> <87630r9xks.fsf@mocca.josefsson.org> <12FEB9B4-C775-46F2-BC3A-F4737F165FD9@Isode.com> <87aaq38hdi.fsf@mocca.josefsson.org> <4C3498DE.4020709@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
X-Mailer: Apple Mail (2.1081)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Cc: xmpp@ietf.org
Subject: Re: [xmpp] #39: prohibition on TLS renegotiation
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jul 2010 17:54:24 -0000

On Jul 7, 2010, at 8:10 AM, Peter Saint-Andre wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 7/7/10 9:02 AM, Simon Josefsson wrote:
>> Kurt Zeilenga <Kurt.Zeilenga@Isode.com> writes:
>> 
>>> I personally wouldn't have a problem with just saying "SHOULD NOT do
>>> TLS renegotiation".  That is, I don't see a particular need to detail
>>> how to implement a non-recommended capability.
>> 
>> I also dislike going into details about non-recommended approaches.  I
>> prefer MUST NOT over SHOULD NOT if we cannot think up at least one
>> use-case when the SHOULD NOT recommendation isn't followed.  Especially
>> since if a use case appears for TLS renegotiation, use of it (and what
>> it means for XMPP) can be described in a separate document.
> 
> Further: do we have a use case *now*? If not, why leave the door open?

One could argue that via the update specification approach, the door is always open.

I prefer the door to be a bit more open than that.  That is, a SHOULD NOT instead of MUST NOT.  But it's not all that big of a deal.

As far as use case, I simply note that personally prefer authentication mechanisms which do not require me to expose user information to a server which I have yet to authenticate.  I prefer this sufficiently to actually design and implement mechanisms which allow me to authenticate the server before authenticating exposing user information.  I suspect I'm not the only person with this preference.

-- Kurt

v2.23.0 | Report a Bug | By Email