[xmpp] Fwd: Re: [dane] DANE-SRV, SNI functional equivalent and XMPP

Peter Saint-Andre - &yet <peter@andyet.net> Mon, 18 May 2015 22:09 UTC

Message-ID: <555A6319.9010703@andyet.net>
Date: Mon, 18 May 2015 15:09:29 -0700
From: Peter Saint-Andre - &yet <peter@andyet.net>
To: XMPP Working Group <xmpp@ietf.org>
References: <555A61CA.2020108@andyet.net>
In-Reply-To: <555A61CA.2020108@andyet.net>
X-Forwarded-Message-Id: <555A61CA.2020108@andyet.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/xmpp/mZyLhgwfJ9urQmliSeQ42DCwciM>
Subject: [xmpp] Fwd: Re: [dane] DANE-SRV, SNI functional equivalent and XMPP

This thread started on the DANE WG list but I think it belongs here.


-------- Forwarded Message --------
Subject: Re: [dane] DANE-SRV, SNI functional equivalent and XMPP
Date: Mon, 18 May 2015 15:03:54 -0700
From: Peter Saint-Andre - &yet <peter@andyet.net>
To: dane@ietf.org

On 5/17/15 9:55 AM, Kim Alvefur wrote:
> Hello list!

Hi Zash!

> Georg Lukas noted that section 4.1 says, in the context of XMPP, to use
> to='xmpp23.hosting.example.net' in the stream header, as that is the
> "functional equivalent" of SNI in XMPP.  However, that conflicts with
> the current semantics of 'to' being the service domain name to the
> server host name.  That will break many, if not all, deployed servers.
> The server should know what certificate to use for the indicated domain
> name.
>
> http://tools.ietf.org/html/draft-ietf-dane-srv-14#section-4.1

Hmm.

First, all draft-ietf-dane-srv says is that you don't need to use SNI in
XMPP because we already have a way for the TLS client to specify which
domain name it expects of the TLS server, i.e., the 'to' address of the
initial stream header.

Second, draft-ietf-xmpp-dna is the document that specifies the behavior
of XMPP entities. So IMHO this is a topic for the XMPP WG list, not the
DANE WG list. I'll forward this message to that list and continue the
conversation there. :-)

Peter

-- 
Peter Saint-Andre
https://andyet.com/

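An added illustration, not part of the thread, of the point under discussion: a server hosting several XMPP domains uses the 'to' attribute of the initial stream header the way a TLS server uses SNI, so the name the client puts there decides which certificate is selected and which name the client then verifies. The domain names and certificate contents are constructed; the SRV target host name is the one from the thread.

```python
"""Added example (not from the thread or the drafts it discusses): the 'to'
attribute as the XMPP functional equivalent of SNI, and why sending the SRV
target host name there breaks certificate selection on a multi-domain host.
Domain names and certificate contents below are constructed for illustration."""
import re

# Constructed: one hosting provider serving two customer domains from one host.
# Certificates are keyed by the service domain the client expects (the 'to'
# semantics of RFC 6120), not by the host name the SRV record points to.
HOSTED_CERTS = {
    "example.com": {"dNSName": ["example.com"], "SRV-ID": ["_xmpp-client.example.com"]},
    "example.org": {"dNSName": ["example.org"], "SRV-ID": ["_xmpp-client.example.org"]},
}
SRV_TARGET = "xmpp23.hosting.example.net"  # host name from the thread's example


def stream_header(to_domain: str) -> str:
    """Initial stream header as the client sends it before STARTTLS."""
    return ('<stream:stream xmlns="jabber:client" '
            'xmlns:stream="http://etherx.jabber.org/streams" '
            f'to="{to_domain}" version="1.0">')


def parse_to(header: str):
    """Server side: extract the domain the client says it is connecting to."""
    m = re.search(r'\bto="([^"]*)"', header)
    return m.group(1) if m else None


def select_certificate(header: str):
    """Server side SNI-equivalent lookup: the certificate for the requested
    service domain, or None when the name is not a hosted domain."""
    return HOSTED_CERTS.get(parse_to(header))


def client_accepts(expected_domain: str, cert) -> bool:
    """Client side check: the certificate must carry the service domain the
    client expects, either as a dNSName or as an SRV-ID for xmpp-client."""
    if cert is None:
        return False
    return (expected_domain in cert["dNSName"]
            or f"_xmpp-client.{expected_domain}" in cert["SRV-ID"])


def connect(to_domain: str) -> bool:
    """Simulate one connection attempt with the given 'to' value."""
    return client_accepts(to_domain, select_certificate(stream_header(to_domain)))


if __name__ == "__main__":
    print(connect("example.com"))  # True: 'to' names a hosted service domain
    print(connect(SRV_TARGET))     # False: the SRV target is not a hosted domain
```

The simulation models the 'to' semantics Kim describes (service domain, not host name); a server keyed this way has no certificate to offer when the client names the hosting host instead.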