Re: [xmpp] WGLC of draft-ietf-xmpp-websocket-02

Lance Stout <lance@andyet.net> Tue, 22 April 2014 23:29 UTC

Return-Path: <lance@andyet.net>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5EC61A0284 for <xmpp@ietfa.amsl.com>; Tue, 22 Apr 2014 16:29:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VxeqTMNVXE3k for <xmpp@ietfa.amsl.com>; Tue, 22 Apr 2014 16:29:26 -0700 (PDT)
Received: from mail-pa0-f49.google.com (mail-pa0-f49.google.com [209.85.220.49]) by ietfa.amsl.com (Postfix) with ESMTP id 63AC41A0283 for <xmpp@ietf.org>; Tue, 22 Apr 2014 16:29:26 -0700 (PDT)
Received: by mail-pa0-f49.google.com with SMTP id lj1so127253pab.8 for <xmpp@ietf.org>; Tue, 22 Apr 2014 16:29:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=fwjaG3DUBepDwYqO99m1C0wSdHn0xEI+fkzr1nhpFog=; b=TxJRJiHYxWvzaUeBt5sUdC1nfbJ15H9EKq9sDbyhDIv6z8uL2n8kK3okLVn3uHcf6y tayxDXtcCnsVF/kp1u1u6ilcyyAahKnuT92+x6X+czBB5LL8sY0m9ne3PsxR2NMFUFty M0xDjvqrhPZf/4XUiusw9DyZzKHKL+YlEVFWpoLtykmERZZPGVuprtxhN4VIXazOwXpA V5bZne+bsgFeL6P/4F5ocZ817OmX10HbHJxRJxts5JO4cYuIjD515R3RulhAwCezt3k0 oWd8IODO7VH9DvBF29yHBtOWi/Lx89LnIuxsdXqHsmfjFrY5jGOJ6tqZjgl05V8wF+7a +Tug==
X-Gm-Message-State: ALoCoQmHCPP/B5hWDTBOZw6Khx09MKkuJGC848OsEI3/7zjnUapPAZ5PXOq1UkLwzucFqSalz33v
X-Received: by 10.68.181.165 with SMTP id dx5mr48553850pbc.38.1398209360792; Tue, 22 Apr 2014 16:29:20 -0700 (PDT)
Received: from [192.168.1.55] (66-191-14-77.static.knwc.wa.charter.com. [66.191.14.77]) by mx.google.com with ESMTPSA id xg4sm87342621pbb.47.2014.04.22.16.29.18 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 22 Apr 2014 16:29:19 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_54119639-3748-42DB-8F42-2D834F87E582"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Lance Stout <lance@andyet.net>
In-Reply-To: <9372C947-DE5D-4115-B1DD-3E1D216C9D62@nostrum.com>
Date: Tue, 22 Apr 2014 16:29:10 -0700
Message-Id: <9D46867E-ADA1-4530-AF23-B43AC6E68B3E@andyet.net>
References: <F8275190-9346-4879-9843-A3DF6C604F8C@nostrum.com> <9372C947-DE5D-4115-B1DD-3E1D216C9D62@nostrum.com>
To: Ben Campbell <ben@nostrum.com>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/xmpp/w8rhBSH_F1k3hVyPLmsVxNz1VKY
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] WGLC of draft-ietf-xmpp-websocket-02
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Apr 2014 23:29:31 -0000

On Apr 22, 2014, at 2:49 PM, Ben Campbell <ben@nostrum.com> wrote:
> 
> The WGLC has completed. Authors, please let the list know when you believe all feedback has been addressed. (Note: "addressed" does not necessarily mean "accepted".)

Draft -06 has been published, which I believe addresses all feedback so far.


I note there is a pending question on connection managers, but I don't believe that the use of a connection manager affects any of the actions prescribed in the latest document. CMs should be transparent.


We do have Security Considerations listed in XEP-0124 for BOSH connection managers, which amount to 'use TLS from the CM to the backend', and 'use e2e encryption on the client' because guaranteeing anything about a CM's behaviour is beyond scope. I can expand the Security Considerations for this document to do the same, if people deem that necessary.