Re: [xmpp] DNA transport

Dave Cridland <dave@cridland.net> Fri, 15 January 2010 23:04 UTC

References: <2170B6E1-79CA-4F85-A1D2-4564B8806984@BBN.COM>
In-Reply-To: <2170B6E1-79CA-4F85-A1D2-4564B8806984@BBN.COM>
MIME-Version: 1.0
Message-Id: <30081.1263596632.641431@puncture>
Date: Fri, 15 Jan 2010 23:03:52 +0000
From: Dave Cridland <dave@cridland.net>
To: "Richard L. Barnes" <RBARNES@BBN.COM>, XMPP Working Group <xmpp@ietf.org>
Content-Type: text/plain; delsp="yes"; charset="us-ascii"; format="flowed"
Subject: Re: [xmpp] DNA transport

On Fri Jan 15 17:31:13 2010, Richard L. Barnes wrote:
> Assuming for the moment that we're going to stick with attribute
> certs: Rather than using both TLS and some new XML to carry DNA
> information, why not just hand the attribute certs over as part of
> the TLS negotiation? That is, carrying XMPP authorization certs
> seems like a natural application of the TLS authorization
> extensions [1]. That way, implementations can save on the crypto
> costs (since tls-authz is reportedly already implemented in
> OpenSSL, GNUTLS, and NSS), and draft-ietf-xmpp-dna can focus on
> the AC profile.

Can't - XMPP needs to dynamically add multiple domain credentials on
the fly during a stream, so I think we'd need to either have a new
TLS record type, or else carry them in the application protocol.

Carrying them in the application protocol also means we're channel
independent.

And don't have to wait on the TLS guys quite so long.

Dave.
-- 
Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade