[xmpp] I-D Action: draft-ietf-xmpp-posh-01.txt

internet-drafts@ietf.org Fri, 20 June 2014 03:40 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 839781A02FB; Thu, 19 Jun 2014 20:40:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id TRGSqznsqhxV; Thu, 19 Jun 2014 20:40:38 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id CCB221A0168; Thu, 19 Jun 2014 20:40:38 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.5.0.p3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140620034038.16277.78785.idtracker@ietfa.amsl.com>
Date: Thu, 19 Jun 2014 20:40:38 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/xmpp/t3rJl-qg3tlkcHpGjlUuLBLktuU
Cc: xmpp@ietf.org
Subject: [xmpp] I-D Action: draft-ietf-xmpp-posh-01.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jun 2014 03:40:40 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Extensible Messaging and Presence Protocol Working Group of the IETF.

        Title           : PKIX over Secure HTTP (POSH)
        Authors         : Matthew Miller
                          Peter Saint-Andre
	Filename        : draft-ietf-xmpp-posh-01.txt
	Pages           : 14
	Date            : 2014-06-19

   Experience has shown that it is extremely difficult to deploy proper
   PKIX certificates for TLS in multi-tenanted environments, since
   certification authorities will not issue certificates for hosted
   domains to hosting services, hosted domains do not want hosting
   services to hold their private keys, and hosting services wish to
   avoid liability for holding those keys.  As a result, domains hosted
   in multi-tenanted environments often deploy non-HTTP applications
   such as email and instant messaging using certificates that identify
   the hosting service, not the hosted domain.  Such deployments force
   end users and peer services to accept a certificate with an improper
   identifier, resulting in obvious security implications.  This
   document defines two methods that make it easier to deploy
   certificates for proper server identity checking in non-HTTP
   application protocols.  The first method enables the TLS client
   associated with a user agent or peer application server to obtain the
   end-entity certificate of a hosted domain over secure HTTP as an
   alternative to standard PKIX techniques.  The second method enables a
   hosted domain to securely delegate a non-HTTP application to a
   hosting service using redirects provided by HTTPS itself or by a
   pointer in a file served over HTTPS at the hosted domain.  While this
   approach was developed for use in the Extensible Messaging and
   Presence Protocol (XMPP) as a Domain Name Association prooftype, it
   can be applied to any non-HTTP application protocol.

The IETF datatracker status page for this draft is:

There's also a htmlized version available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at: