
From mamille2@cisco.com  Wed Feb 22 08:50:16 2012
From: Matt Miller <mamille2@cisco.com>
In-Reply-To: <4F23BA44.4010707@mail.symlynx.com>
Date: Wed, 22 Feb 2012 09:50:20 -0700
Message-Id: <3105C324-8E7F-488E-8E31-328F202006CB@cisco.com>
References: <67986F0A-D907-4C52-A44C-D0B16C7E2AEA@cisco.com> <4F23BA44.4010707@mail.symlynx.com>
To: Philipp Hancke <fippo@mail.symlynx.com>
Cc: xmpp@ietf.org
Subject: Re: [xmpp] Ponderings on Domain Name Assertions (DNA)
List-Id: XMPP Working Group <xmpp.ietf.org>

[Sorry for the late reply]


On Jan 28, 2012, at 02:05, Philipp Hancke wrote:

> Matt Miller wrote:
> [...]
>> [1] Dave Cridland - "Dialback. Now without Dialback" <http://blog.dave.cridland.net/?p=116>
>
> If you re-read that carefully (neither Dave nor I understood the full implications of that, see XEP-0288 0.2 for some more hints) you might notice that this "dialback" is used as a framework.
>
> It works differently from your approach, like this:
> (client is the s2s tls client, server the s2s tls server)
> 1) client: I would like to send stanzas from montague.lit to denmark.lit
> 2) server checks that it is hosting denmark.lit and checks the claim (by any means available, with the lowest possible proof being certificate equality)
> 3) server notifies client that it can start sending (or not).
>

Personally, I would like one solution framework that can apply to both
c2s and s2s connections.  Dialback is extremely unlikely to function for
clients.

Also, at least in my readings of this, it still comes back to trusting
DNS.  Until DNSSEC is ubiquitous, I don't think we really can.  And just
because we are today doesn't make it OK.

I'd welcome a specification that defines this more completely.

> The advantage is that this is reusing what currently works:
> dialback (assuming that you have tls on all connections you can replace the XEP-0185 stuff with certificate equality and skip <db:verify/> altogether), multiplexing and bidi.
> It even enables us to get rid of what does not work (SASL EXTERNAL).
> It is limited in the sense that it does not allow any in-band challenge/response.
>

I see the lack of any in-band challenge/response as problematic, but can
be convinced otherwise.


- m&m

Matt Miller - <mamille2@cisco.com>
Cisco Systems, Inc.




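The receiving side of the three-step exchange Philipp sketches above, as an added example that is not code from this thread, from XEP-0220 or from XEP-0288: the server checks that it hosts the target domain and accepts the asserted originating domain only on certificate equality, with several (from, to) pairs authorized over one TLS stream. The class name S2SServer, the SHA-256 fingerprint comparison and the certificate byte strings are ours; the fetch of the asserted domain's certificate (resolve it via DNS, connect, record what it presents) is assumed and modelled as a lookup table, which is exactly where the reliance on DNS that Matt objects to sits.

```python
"""Added example (not code from the thread, XEP-0220 or XEP-0288): the receiving
side of the three-step exchange described above, with the asserted domain
proven by certificate equality.  Certificates are constructed byte strings."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Constructed stand-ins for DER-encoded end-entity certificates.
CERT_MONTAGUE = b"constructed DER for montague.lit (also serves capulet.lit)"
CERT_OTHER = b"constructed DER for some unrelated host"


def fingerprint(der: bytes) -> str:
    """Compare certificates by SHA-256 over the DER bytes (assumed choice)."""
    return hashlib.sha256(der).hexdigest()


@dataclass
class S2SServer:
    """Hypothetical s2s TLS server (name is ours) holding one inbound stream."""
    hosted: Set[str]                  # domains this server is authoritative for
    # Assumed out-of-band fetch: resolve FROM via DNS, connect, record the cert
    # it presents.  Modelled as a table; this lookup is the DNS trust the thread
    # says the scheme still rests on.
    asserted_domain_certs: Dict[str, bytes]
    authorized: Set[Tuple[str, str]] = field(default_factory=set)

    def handle_assertion(self, peer_cert: Optional[bytes],
                         from_domain: str, to_domain: str) -> str:
        """Step 2: decide on 'I would like to send stanzas from FROM to TO'."""
        if peer_cert is None:
            return "error:tls-required"      # framework assumes TLS everywhere
        if to_domain not in self.hosted:
            return "error:host-unknown"      # we do not host the target
        expected = self.asserted_domain_certs.get(from_domain)
        if expected is None or fingerprint(expected) != fingerprint(peer_cert):
            return "error:not-authorized"    # certificate equality failed
        # Step 3: tell the client it may start sending for this pair.  Several
        # pairs can be authorized over one stream (the multiplexing case).
        self.authorized.add((from_domain, to_domain))
        return "result:valid"

    def may_send(self, from_domain: str, to_domain: str) -> bool:
        """Stanza-time check: only authorized (from, to) pairs pass."""
        return (from_domain, to_domain) in self.authorized
```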

From mamille2@cisco.com  Wed Feb 29 07:35:04 2012
From: Matt Miller <mamille2@cisco.com>
Date: Wed, 29 Feb 2012 08:35:10 -0700
References: <999913AB42CC9341B05A99BBF358718D0128F8D6@FIESEXC035.nsn-intra.net>
To: xmpp@ietf.org
Message-Id: <C09AD20A-61B5-477F-B3D8-8F1292FAA77E@cisco.com>
Subject: [xmpp] Fwd: I-D Action: draft-miller-xmpp-e2e-00.txt

FYI, recently submitted.


- m&m

Matt Miller - <mamille2@cisco.com>
Cisco Systems, Inc.

Begin forwarded message:
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
> 	Title           : End-to-End Object Encryption for the
> Extensible Messaging and Presence Protocol (XMPP)
> 	Author(s)       : Matthew Miller
> 	Filename        : draft-miller-xmpp-e2e-00.txt
> 	Pages           : 18
> 	Date            : 2012-02-29
>
>   This document defines a method of end-to-end object encryption for
>   the Extensible Messaging and Presence Protocol (XMPP).
>
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-miller-xmpp-e2e-00.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> This Internet-Draft can be retrieved at:
> ftp://ftp.ietf.org/internet-drafts/draft-miller-xmpp-e2e-00.txt
>
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


