
From mamille2@cisco.com  Wed Jun  6 08:39:33 2012
Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D119721F88D2 for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 08:39:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level: 
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jqnbs7v-li4I for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 08:39:33 -0700 (PDT)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by ietfa.amsl.com (Postfix) with ESMTP id 253B821F88B4 for <xmpp@ietf.org>; Wed,  6 Jun 2012 08:39:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=mamille2@cisco.com; l=6036; q=dns/txt; s=iport; t=1338997173; x=1340206773; h=from:subject:date:references:to:message-id:mime-version: content-transfer-encoding; bh=7aRqjlLZx83IZdFQZWnPKbgOAX5ihRJ8AWREBpw63PM=; b=VCGsSr3isT/tf6yGrNhIOF2haYgdw0wYoZrn5/j/9/Ug/MFRVHYHGFBe 5lkpMvUXRnJuRS6LCXTKVWwWrw7Am+JbRShUvq0YGMjL3csYNG+V8L2UJ 6yoEB0zUhhGu/DbJUYtS3nEztMMRECA38GhUvymyfiVPKtamZ2Wkpmefy 0=;
X-Files: smime.p7s, PGP.sig : 2214, 535
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAKJ4z0+rRDoH/2dsb2JhbABFtDWBB4IYAQEBAwEBAQEPAVsQCxwDAQIvAiUfBwIIBhMJGYdkBAELl3CfdIsYhTlgA4hAhXeGZoVThS6DE4Fmgn8
X-IronPort-AV: E=Sophos;i="4.75,724,1330905600";  d="sig'?p7s'?scan'208";a="47805153"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-4.cisco.com with ESMTP; 06 Jun 2012 15:39:33 +0000
Received: from [64.101.72.35] ([64.101.72.35]) by mtv-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id q56FdWY7012212 for <xmpp@ietf.org>; Wed, 6 Jun 2012 15:39:32 GMT
From: Matt Miller <mamille2@cisco.com>
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-14--87264324"
Date: Wed, 6 Jun 2012 09:39:48 -0600
References: <20120606153712.8378.19976.idtracker@ietfa.amsl.com>
To: XMPP Working Group <xmpp@ietf.org>
Message-Id: <903C2094-5EB3-4B6A-AB73-FAEC2582A847@cisco.com>
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Transfer-Encoding: 7bit
X-Pgp-Agent: GPGMail 1.3.3
X-Mailer: Apple Mail (2.1084)
Subject: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 15:39:34 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-14--87264324
Content-Type: multipart/signed; boundary=Apple-Mail-13--87264344; protocol="application/pkcs7-signature"; micalg=sha1


--Apple-Mail-13--87264344
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

FYI

Begin forwarded message:

> From: internet-drafts@ietf.org
> Date: June 6, 2012 09:37:12 MDT
> To: i-d-announce@ietf.org
> Subject: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
> Reply-To: internet-drafts@ietf.org
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
> 	Title           : Using DNSSEC and DANE as a Prooftype for XMPP Delegation
> 	Author(s)       : Matthew Miller
>                          Peter Saint-Andre
> 	Filename        : draft-miller-xmpp-dnssec-prooftype-00.txt
> 	Pages           : 6
> 	Date            : 2012-06-06
>
>   This document defines a model for securely delegating an XMPP service
>   for a domain to a host associated with a different domain.
>
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-miller-xmpp-dnssec-prooftype-00.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> This Internet-Draft can be retrieved at:
> ftp://ftp.ietf.org/internet-drafts/draft-miller-xmpp-dnssec-prooftype-00.txt
>
> The IETF datatracker page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-miller-xmpp-dnssec-prooftype/
>
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


- m&m

Matt Miller - <mamille2@cisco.com>
Cisco Systems, Inc.


--Apple-Mail-13--87264344
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64
--Apple-Mail-13--87264344--

--Apple-Mail-14--87264324
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit


--Apple-Mail-14--87264324--

From fippo@mail.symlynx.com  Wed Jun  6 10:15:17 2012
Return-Path: <fippo@mail.symlynx.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD11821F8608 for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 10:15:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id As+SVsW6QahL for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 10:15:17 -0700 (PDT)
Received: from lo.psyced.org (lost.IN.psyced.org [188.40.42.221]) by ietfa.amsl.com (Postfix) with ESMTP id E300D21F85C4 for <xmpp@ietf.org>; Wed,  6 Jun 2012 10:15:10 -0700 (PDT)
Received: from [192.168.2.100] (p5B2160E4.dip.t-dialin.net [91.33.96.228]) (authenticated bits=0) by lo.psyced.org (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id q56HF2D9030111 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <xmpp@ietf.org>; Wed, 6 Jun 2012 19:15:08 +0200
Message-ID: <4FCF9012.40401@mail.symlynx.com>
Date: Wed, 06 Jun 2012 19:14:58 +0200
From: Philipp Hancke <fippo@mail.symlynx.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: xmpp@ietf.org
References: <20120606153712.8378.19976.idtracker@ietfa.amsl.com> <903C2094-5EB3-4B6A-AB73-FAEC2582A847@cisco.com>
In-Reply-To: <903C2094-5EB3-4B6A-AB73-FAEC2582A847@cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 17:15:18 -0000

[...]
[4.  Use of DNSSEC]
seems to be mostly applicable to the case of the s2s tls server also. 
Reversed roles, but that is not different from 6125.
The only difference is that you can skip steps 4+5 then because you're 
not (at this point) establishing a tcp connection.


[5.1.  No Delegation]
 > a port of 5222 for client-to-server streams  (e.g.
 > "_5222._tcp.im.example.com") or 5269 for server-to-server streams
 > (e.g.  "_5269._tcp.im.example.com").

Does that apply even if a SRV record exists and the port is different 
from 5222/5269? When using DANE to verify the certificate on an incoming 
s2s connection (acting as a TLS server), what port am I supposed to use 
when verifying the sender domain (220 terminology)

From stpeter@stpeter.im  Wed Jun  6 10:28:22 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CB2121F8685 for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 10:28:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.828
X-Spam-Level: 
X-Spam-Status: No, score=-102.828 tagged_above=-999 required=5 tests=[AWL=-0.229, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tOLwGA-Mm+m2 for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 10:28:21 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 96D2921F8675 for <xmpp@ietf.org>; Wed,  6 Jun 2012 10:28:21 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 9CAD040081; Wed,  6 Jun 2012 11:45:11 -0600 (MDT)
Message-ID: <4FCF9333.8010901@stpeter.im>
Date: Wed, 06 Jun 2012 11:28:19 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Philipp Hancke <fippo@mail.symlynx.com>
References: <20120606153712.8378.19976.idtracker@ietfa.amsl.com> <903C2094-5EB3-4B6A-AB73-FAEC2582A847@cisco.com> <4FCF9012.40401@mail.symlynx.com>
In-Reply-To: <4FCF9012.40401@mail.symlynx.com>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: xmpp@ietf.org
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 17:28:22 -0000

On 6/6/12 11:14 AM, Philipp Hancke wrote:

<snip/>

> [5.1.  No Delegation]
>> a port of 5222 for client-to-server streams  (e.g.
>> "_5222._tcp.im.example.com") or 5269 for server-to-server streams
>> (e.g.  "_5269._tcp.im.example.com").
> 
> Does that apply even if a SRV record exists and the port is different
> from 5222/5269? When using DANE to verify the certificate on an incoming
> s2s connection (acting as a TLS server), what port am I supposed to use
> when verifying the sender domain (220 terminology)

In TLSA records, the port number is the one most closely associated with
the application protocol. As far as I understand DANE, you could host an
XMPP service at another port and put that port number in the prepared
domain name. Matt also indicated to me that it's possible to leave off
the port entirely, although I'm not fully convinced of that yet. :)

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



From mamille2@cisco.com  Wed Jun  6 10:59:11 2012
Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2768C21F858E for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 10:59:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level: 
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lg9S6d-EyuVj for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 10:59:10 -0700 (PDT)
Received: from mtv-iport-3.cisco.com (mtv-iport-3.cisco.com [173.36.130.14]) by ietfa.amsl.com (Postfix) with ESMTP id 447D321F857F for <xmpp@ietf.org>; Wed,  6 Jun 2012 10:59:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=mamille2@cisco.com; l=6078; q=dns/txt; s=iport; t=1339005550; x=1340215150; h=subject:mime-version:from:in-reply-to:date:cc:message-id: references:to:content-transfer-encoding; bh=pCd8MCjOuTz6A/gJETXwxyZhtKn+2+leMLZ5zgW2PT0=; b=LsIW7idWKwCqRbT04ID7XVauxi53DaiWyfyrgAYbbU7kPAvvaGva+pFu kq60zMqwnna9X9eTl4TyX38jYaV/xDtJlu8du2jo4VEaT06t31C7rs/Ux EziOHe0MRED4FgL5PXYUO/mPFP8xtzVa5g17DYkxvCPkiHd5jjwmTIEHV 0=;
X-Files: smime.p7s, PGP.sig : 2214, 535
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EABSaz0+rRDoH/2dsb2JhbABFtDaBB4IYAQEBAwESAWYFCwsYLgJVBhMih2QEAZhXn3OLGIU5YAOIQIV3hmaBEoRBiEGBZoJ/
X-IronPort-AV: E=Sophos;i="4.75,725,1330905600";  d="sig'?p7s'?scan'208";a="45334749"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-3.cisco.com with ESMTP; 06 Jun 2012 17:59:10 +0000
Received: from [64.101.72.35] ([64.101.72.35]) by mtv-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id q56Hx9Jo007154; Wed, 6 Jun 2012 17:59:09 GMT
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-20--78887504"
From: Matt Miller <mamille2@cisco.com>
In-Reply-To: <4FCF9333.8010901@stpeter.im>
Date: Wed, 6 Jun 2012 11:59:25 -0600
Message-Id: <434B44DC-82B0-4714-91A7-E995F5A3E3BB@cisco.com>
References: <20120606153712.8378.19976.idtracker@ietfa.amsl.com> <903C2094-5EB3-4B6A-AB73-FAEC2582A847@cisco.com> <4FCF9012.40401@mail.symlynx.com> <4FCF9333.8010901@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
Content-Transfer-Encoding: 7bit
X-Pgp-Agent: GPGMail 1.3.3
X-Mailer: Apple Mail (2.1084)
Cc: xmpp@ietf.org
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 17:59:11 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-20--78887504
Content-Type: multipart/signed; boundary=Apple-Mail-19--78887508; protocol="application/pkcs7-signature"; micalg=sha1


--Apple-Mail-19--78887508
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


On Jun 6, 2012, at 11:28, Peter Saint-Andre wrote:

> On 6/6/12 11:14 AM, Philipp Hancke wrote:
>
> <snip/>
>
>> [5.1.  No Delegation]
>>> a port of 5222 for client-to-server streams  (e.g.
>>> "_5222._tcp.im.example.com") or 5269 for server-to-server streams
>>> (e.g.  "_5269._tcp.im.example.com").
>>
>> Does that apply even if a SRV record exists and the port is different
>> from 5222/5269? When using DANE to verify the certificate on an incoming
>> s2s connection (acting as a TLS server), what port am I supposed to use
>> when verifying the sender domain (220 terminology)
>
> In TLSA records, the port number is the one most closely associated with
> the application protocol. As far as I understand DANE, you could host an
> XMPP service at another port and put that port number in the prepared
> domain name. Matt also indicated to me that it's possible to leave off
> the port entirely, although I'm not fully convinced of that yet. :)
>

<caveat-emptor>I should have noted this document might have dependencies
on another "federation framework" document</caveat-emptor>

I'll add this to the list of things to cover.

In my opinion, for XMPP server-to-server, the receiving server would
need to perform SRV lookups of the initiating entity's source domain to
determine the derived domain + port, so that the TLSA records can be
properly located.

From my reading of DANE, it *appears* one could have TLSA records for
the domain only (e.g. "hosting.example.net"), but accept I could have
read it incorrectly (-:


- m&m

Matt Miller - <mamille2@cisco.com>
Cisco Systems, Inc.


--Apple-Mail-19--78887508
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64
--Apple-Mail-19--78887508--

--Apple-Mail-20--78887504
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit


--Apple-Mail-20--78887504--
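
The lookup described in the message above (SRV on the source domain, then TLSA at the derived domain and port), as an added example that is not part of the thread or of the draft. The SRV records are constructed, and treating an SRV answer that was not DNSSEC-validated as unusable for delegation is this example's assumption.

```python
"""Locate TLSA owner names for an XMPP source domain (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Default ports quoted from section 5.1 of the draft in the thread above.
DEFAULT_PORTS = {"xmpp-client": 5222, "xmpp-server": 5269}


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


@dataclass(frozen=True)
class SRVAnswer:
    records: Tuple[SRV, ...]
    secure: bool  # True only if the resolver validated the RRset with DNSSEC


def _norm(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def srv_owner(source_domain: str, service: str) -> str:
    """Name queried for SRV, e.g. _xmpp-server._tcp.capulet.lit."""
    return f"_{service}._tcp.{_norm(source_domain)}"


def tlsa_owner(host: str, port: int) -> str:
    """Prepared domain name for a TLSA query: _<port>._tcp.<host>."""
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    host = _norm(host)
    if not host:
        raise ValueError("empty host name")
    return f"_{port}._tcp.{host}"


def tlsa_candidates(source_domain: str, service: str,
                    answer: Optional[SRVAnswer]) -> List[str]:
    """Return the TLSA owner names to query for source_domain.

    No SRV records: the "No Delegation" case, source domain plus the
    default port. SRV records present: one name per derived domain and
    port, so a non-default port in SRV ends up in the TLSA name.
    """
    if service not in DEFAULT_PORTS:
        raise ValueError(f"unknown service: {service}")
    if answer is None or not answer.records:
        return [tlsa_owner(source_domain, DEFAULT_PORTS[service])]
    if not answer.secure:
        # Assumption of this example: an unvalidated SRV answer proves
        # nothing about the delegation, so no TLSA name is derived from it.
        return []
    names: List[str] = []
    ordered = sorted(answer.records, key=lambda r: (r.priority, -r.weight))
    for rr in ordered:
        if _norm(rr.target) == "":
            continue  # target "." means the service is not offered
        name = tlsa_owner(rr.target, rr.port)
        if name not in names:
            names.append(name)
    return names


# Constructed sample data: example.com delegates s2s to two hosts, one of
# them on a port other than 5269.
CONSTRUCTED_SRV = SRVAnswer(
    records=(
        SRV(10, 0, 5269, "backup.hosting.example.net."),
        SRV(5, 0, 5270, "hosting.example.net."),
    ),
    secure=True,
)

if __name__ == "__main__":
    print(srv_owner("example.com", "xmpp-server"))
    for owner in tlsa_candidates("example.com", "xmpp-server", CONSTRUCTED_SRV):
        print(owner)
    print(tlsa_candidates("im.example.com", "xmpp-server", None))
```

The TLSA answers fetched at these names need the same DNSSEC validation before they are compared with the certificate presented on the stream.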

From fippo@mail.symlynx.com  Wed Jun  6 11:23:09 2012
Return-Path: <fippo@mail.symlynx.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68BCF11E80C7 for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 11:23:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level: 
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_43=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BsJUZz-fQuvK for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 11:23:08 -0700 (PDT)
Received: from lo.psyced.org (lost.IN.psyced.org [188.40.42.221]) by ietfa.amsl.com (Postfix) with ESMTP id 8937911E80B0 for <xmpp@ietf.org>; Wed,  6 Jun 2012 11:23:07 -0700 (PDT)
Received: from [192.168.2.100] (p5B2160E4.dip.t-dialin.net [91.33.96.228]) (authenticated bits=0) by lo.psyced.org (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id q56IMiDv031416 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 6 Jun 2012 20:23:03 +0200
Message-ID: <4FCF9FF0.9040102@mail.symlynx.com>
Date: Wed, 06 Jun 2012 20:22:40 +0200
From: Philipp Hancke <fippo@mail.symlynx.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: Matt Miller <mamille2@cisco.com>, XMPP Working Group <xmpp@ietf.org>
References: <20120606153712.8378.19976.idtracker@ietfa.amsl.com> <903C2094-5EB3-4B6A-AB73-FAEC2582A847@cisco.com> <4FCF9012.40401@mail.symlynx.com> <4FCF9333.8010901@stpeter.im> <434B44DC-82B0-4714-91A7-E995F5A3E3BB@cisco.com>
In-Reply-To: <434B44DC-82B0-4714-91A7-E995F5A3E3BB@cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 18:23:09 -0000

On 06.06.2012 19:59, Matt Miller wrote:
> In my opinion, for XMPP server-to-server, the receiving server would need to perform SRV lookups of the initiating entity's source domain to determine the derived domain + port, so that the TLSA records can be properly located.

I'd prefer to avoid that.
I liked the usage of srv records at the end of
http://www.ietf.org/mail-archive/web/xmpp/current/msg02617.html
but seem to be issues with dane+srv, see
http://trac.tools.ietf.org/wg/dane/trac/ticket/28

From stpeter@stpeter.im  Wed Jun  6 11:27:23 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D953921F888A for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 11:27:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.523
X-Spam-Level: 
X-Spam-Status: No, score=-102.523 tagged_above=-999 required=5 tests=[AWL=-0.524, BAYES_00=-2.599, J_CHICKENPOX_43=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5eAjyTRKGzvq for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 11:27:23 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 4B8D711E80C7 for <xmpp@ietf.org>; Wed,  6 Jun 2012 11:27:22 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 21C8C40081; Wed,  6 Jun 2012 12:44:12 -0600 (MDT)
Message-ID: <4FCFA108.1090906@stpeter.im>
Date: Wed, 06 Jun 2012 12:27:20 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Philipp Hancke <fippo@mail.symlynx.com>
References: <20120606153712.8378.19976.idtracker@ietfa.amsl.com> <903C2094-5EB3-4B6A-AB73-FAEC2582A847@cisco.com> <4FCF9012.40401@mail.symlynx.com> <4FCF9333.8010901@stpeter.im> <434B44DC-82B0-4714-91A7-E995F5A3E3BB@cisco.com> <4FCF9FF0.9040102@mail.symlynx.com>
In-Reply-To: <4FCF9FF0.9040102@mail.symlynx.com>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 18:27:24 -0000

On 6/6/12 12:22 PM, Philipp Hancke wrote:
> On 06.06.2012 19:59, Matt Miller wrote:
>> In my opinion, for XMPP server-to-server, the receiving server would
>> need to perform SRV lookups of the initiating entity's source domain
>> to determine the derived domain + port, so that the TLSA records can
>> be properly located.
> 
> I'd prefer to avoid that.
> I liked the usage of srv records at the end of
> http://www.ietf.org/mail-archive/web/xmpp/current/msg02617.html

Creating TLSA records under _xmpp-server._tcp.capulet.lit would, I
think, require a new DNS resource record type (you could think of it as
"TLSS", parallel to "TLSA" for A/AAAA records). Personally I'm hoping to
avoid that.

> but seem to be issues with dane+srv, see
> http://trac.tools.ietf.org/wg/dane/trac/ticket/28

Oh yes, there are issues. :)

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



From mamille2@cisco.com  Wed Jun  6 12:54:44 2012
Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A45221F8535 for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 12:54:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.299
X-Spam-Level: 
X-Spam-Status: No, score=-10.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_43=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MjQ-XBYRrGY5 for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 12:54:43 -0700 (PDT)
Received: from mtv-iport-3.cisco.com (mtv-iport-3.cisco.com [173.36.130.14]) by ietfa.amsl.com (Postfix) with ESMTP id D719221F854D for <xmpp@ietf.org>; Wed,  6 Jun 2012 12:54:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=mamille2@cisco.com; l=5791; q=dns/txt; s=iport; t=1339012474; x=1340222074; h=subject:mime-version:from:in-reply-to:date:cc:message-id: references:to:content-transfer-encoding; bh=gJfIqGjwvBLudC0Zy3g3kynGZcPn0ll3K1loBiQdW2I=; b=kxIlCU9acxG8yAYVelPNb6rDu5PcwlqOlcSizJou6d9KQN8xYXlkQMNK dSzgBVyWxgzwL3Rqq6mzSrVn/vpmzb09C1r6XJS2QesMs0SMzIrGpSpl8 R9elwpaIdKXwzBLahX3jiNxs4w7vCE0q3nvTZSJewFEMaMJLfEQeP09xr Q=;
X-Files: smime.p7s, PGP.sig : 2214, 535
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EACC1z0+rRDoH/2dsb2JhbABFtDaBB4IYAQEBAwESAWYFCwsYLgJVBhMJGYdkBAELmFGfcYsYGgqFFWADiECFd4ZmgRKEQYhBgWaCf4FA
X-IronPort-AV: E=Sophos;i="4.75,725,1330905600";  d="sig'?p7s'?scan'208";a="45349207"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-3.cisco.com with ESMTP; 06 Jun 2012 19:54:33 +0000
Received: from [64.101.72.35] ([64.101.72.35]) by mtv-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id q56JsWLl017811; Wed, 6 Jun 2012 19:54:33 GMT
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-22--71963819"
From: Matt Miller <mamille2@cisco.com>
In-Reply-To: <4FCFA108.1090906@stpeter.im>
Date: Wed, 6 Jun 2012 13:54:48 -0600
Message-Id: <04639AAF-F461-496C-8419-738E9C32D1B2@cisco.com>
References: <20120606153712.8378.19976.idtracker@ietfa.amsl.com> <903C2094-5EB3-4B6A-AB73-FAEC2582A847@cisco.com> <4FCF9012.40401@mail.symlynx.com> <4FCF9333.8010901@stpeter.im> <434B44DC-82B0-4714-91A7-E995F5A3E3BB@cisco.com> <4FCF9FF0.9040102@mail.symlynx.com> <4FCFA108.1090906@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
Content-Transfer-Encoding: 7bit
X-Pgp-Agent: GPGMail 1.3.3
X-Mailer: Apple Mail (2.1084)
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 19:54:44 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-22--71963819
Content-Type: multipart/signed; boundary=Apple-Mail-21--71963821; protocol="application/pkcs7-signature"; micalg=sha1


--Apple-Mail-21--71963821
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


On Jun 6, 2012, at 12:27, Peter Saint-Andre wrote:

> On 6/6/12 12:22 PM, Philipp Hancke wrote:
>> On 06.06.2012 19:59, Matt Miller wrote:
>>> In my opinion, for XMPP server-to-server, the receiving server would
>>> need to perform SRV lookups of the initiating entity's source domain
>>> to determine the derived domain + port, so that the TLSA records can
>>> be properly located.
>>
>> I'd prefer to avoid that.
>> I liked the usage of srv records at the end of
>> http://www.ietf.org/mail-archive/web/xmpp/current/msg02617.html
>
> Creating TLSA records under _xmpp-server._tcp.capulet.lit would, I
> think, require a new DNS resource record type (you could think of it as
> "TLSS", parallel to "TLSA" for A/AAAA records). Personally I'm hoping to
> avoid that.
>

I also think this becomes an operational nightmare for the source domain
admin.  Unless there is no derived domain, the source domain admin would
need to maintain constant vigilance of the derived domain's certificates
to ensure their "TLSA for SRV" records are current against the derived
domain's.

>> but seem to be issues with dane+srv, see
>> http://trac.tools.ietf.org/wg/dane/trac/ticket/28
>
> Oh yes, there are issues. :)

I think it's best to leave that bear un-poked (-:


- m&m

Matt Miller - <mamille2@cisco.com>
Cisco Systems, Inc.


--Apple-Mail-21--71963821
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

--Apple-Mail-21--71963821--

--Apple-Mail-22--71963819
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit


--Apple-Mail-22--71963819--

From stpeter@stpeter.im  Wed Jun  6 12:57:25 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99F0E21F8535 for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 12:57:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.811
X-Spam-Level: 
X-Spam-Status: No, score=-102.811 tagged_above=-999 required=5 tests=[AWL=-0.212, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TJhwg0YZZ0J1 for <xmpp@ietfa.amsl.com>; Wed,  6 Jun 2012 12:57:24 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id DF97821F873D for <xmpp@ietf.org>; Wed,  6 Jun 2012 12:57:24 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id EA56940081; Wed,  6 Jun 2012 14:14:14 -0600 (MDT)
Message-ID: <4FCFB617.4070003@stpeter.im>
Date: Wed, 06 Jun 2012 13:57:11 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120601 Thunderbird/13.0
MIME-Version: 1.0
To: Matt Miller <mamille2@cisco.com>
References: <20120606153712.8378.19976.idtracker@ietfa.amsl.com> <903C2094-5EB3-4B6A-AB73-FAEC2582A847@cisco.com> <4FCF9012.40401@mail.symlynx.com> <4FCF9333.8010901@stpeter.im> <434B44DC-82B0-4714-91A7-E995F5A3E3BB@cisco.com> <4FCF9FF0.9040102@mail.symlynx.com> <4FCFA108.1090906@stpeter.im> <04639AAF-F461-496C-8419-738E9C32D1B2@cisco.com>
In-Reply-To: <04639AAF-F461-496C-8419-738E9C32D1B2@cisco.com>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 19:57:25 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/6/12 1:54 PM, Matt Miller wrote:
> 
> On Jun 6, 2012, at 12:27, Peter Saint-Andre wrote:
> 
>> On 6/6/12 12:22 PM, Philipp Hancke wrote:
>>> On 06.06.2012 19:59, Matt Miller wrote:
>>>> In my opinion, for XMPP server-to-server, the receiving
>>>> server would need to perform SRV lookups of the initiating
>>>> entity's source domain to determine the derived domain +
>>>> port, so that the TLSA records can be properly located.
>>> 
>>> I'd prefer to avoid that. I liked the usage of srv records at
>>> the end of 
>>> http://www.ietf.org/mail-archive/web/xmpp/current/msg02617.html
>>> 
>> Creating TLSA records under _xmpp-server._tcp.capulet.lit would, I
>> think, require a new DNS resource record type (you could think of
>> it as "TLSS", parallel to "TLSA" for A/AAAA records). Personally
>> I'm hoping to avoid that.
>> 
> 
> I also think this becomes an operational nightmare for the source
> domain admin.  Unless there is no derived domain, the source
> domain admin would need to maintain constant vigilance of the
> derived domain's certificates to ensure their "TLSA for SRV"
> records are current against the derived domain's.

Right. Furthermore, I don't think it's necessary. The DANE spec
describes the first "field" in the prepared domain name as follows:

   1.  The decimal representation of the port number on which a TLS-
       based service is assumed to exist is prepended with an underscore
       character ("_") to become the left-most label in the prepared
       domain name.  This number has no leading zeros.

Notice the "assumed to exist". We could interpret that as assuming the
normal port, e.g., 5269 for XMPP s2s (since that's the port registered
with IANA).

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/




-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/PthcACgkQNL8k5A2w/vwHDQCggmASfuewCH0IMcRBMVTU/jN0
+vYAoO6GTlnOsDD/J7DbtT5jCC9fh3p4
=NtIR
-----END PGP SIGNATURE-----

From mamille2@cisco.com  Thu Jun  7 10:42:33 2012
Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1016711E8130 for <xmpp@ietfa.amsl.com>; Thu,  7 Jun 2012 10:42:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.549
X-Spam-Level: 
X-Spam-Status: No, score=-10.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 63aVrDmqp--o for <xmpp@ietfa.amsl.com>; Thu,  7 Jun 2012 10:42:32 -0700 (PDT)
Received: from mtv-iport-3.cisco.com (mtv-iport-3.cisco.com [173.36.130.14]) by ietfa.amsl.com (Postfix) with ESMTP id 88EF311E812E for <xmpp@ietf.org>; Thu,  7 Jun 2012 10:42:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=mamille2@cisco.com; l=6724; q=dns/txt; s=iport; t=1339090951; x=1340300551; h=subject:mime-version:from:in-reply-to:date:cc:message-id: references:to:content-transfer-encoding; bh=SuA1eno0a1fii20C086f9/7NNAaftpqGpnmiN7yhwtc=; b=ItPq7ed1paiwnAGmwDB9jsfJP/C0CWos9Qyj/23oDhj/3CofVx8zbZJw /mMMSDh2MHF851e188ok4V6R/IxwpLZi+Pk8PDiutlZL/pStncd5c9D9a cDkTSuMKmPp0h4L3cyu1yUI/DapOsGvBDUb9toEX9Eg3MlJTFTdCocAYY g=;
X-Files: smime.p7s, PGP.sig : 2214, 535
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EABvn0E+rRDoI/2dsb2JhbABFtCGBB4IYAQEBBBIBZhALGC4CVQYTCRmHaAELmRKffIsdGoUSYAOIQIV3hmaFU4hBgWaCf4FA
X-IronPort-AV: E=Sophos;i="4.75,732,1330905600";  d="sig'?p7s'?scan'208";a="45492605"
Received: from mtv-core-3.cisco.com ([171.68.58.8]) by mtv-iport-3.cisco.com with ESMTP; 07 Jun 2012 17:42:31 +0000
Received: from [64.101.72.35] ([64.101.72.35]) by mtv-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id q57HgUDn018304; Thu, 7 Jun 2012 17:42:30 GMT
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-40-6515349"
From: Matt Miller <mamille2@cisco.com>
In-Reply-To: <4FCFB617.4070003@stpeter.im>
Date: Thu, 7 Jun 2012 11:42:47 -0600
Message-Id: <C0887865-03BB-420D-9A18-65BF71435658@cisco.com>
References: <20120606153712.8378.19976.idtracker@ietfa.amsl.com> <903C2094-5EB3-4B6A-AB73-FAEC2582A847@cisco.com> <4FCF9012.40401@mail.symlynx.com> <4FCF9333.8010901@stpeter.im> <434B44DC-82B0-4714-91A7-E995F5A3E3BB@cisco.com> <4FCF9FF0.9040102@mail.symlynx.com> <4FCFA108.1090906@stpeter.im> <04639AAF-F461-496C-8419-738E9C32D1B2@cisco.com> <4FCFB617.4070003@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
Content-Transfer-Encoding: 7bit
X-Pgp-Agent: GPGMail 1.3.3
X-Mailer: Apple Mail (2.1084)
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jun 2012 17:42:33 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-40-6515349
Content-Type: multipart/signed; boundary=Apple-Mail-39-6515326; protocol="application/pkcs7-signature"; micalg=sha1


--Apple-Mail-39-6515326
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


On Jun 6, 2012, at 13:57, Peter Saint-Andre wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 6/6/12 1:54 PM, Matt Miller wrote:
>>
>> On Jun 6, 2012, at 12:27, Peter Saint-Andre wrote:
>>
>>> On 6/6/12 12:22 PM, Philipp Hancke wrote:
>>>> On 06.06.2012 19:59, Matt Miller wrote:
>>>>> In my opinion, for XMPP server-to-server, the receiving
>>>>> server would need to perform SRV lookups of the initiating
>>>>> entity's source domain to determine the derived domain +
>>>>> port, so that the TLSA records can be properly located.
>>>>
>>>> I'd prefer to avoid that. I liked the usage of srv records at
>>>> the end of
>>>> http://www.ietf.org/mail-archive/web/xmpp/current/msg02617.html
>>>>
>>> Creating TLSA records under _xmpp-server._tcp.capulet.lit would, I
>>> think, require a new DNS resource record type (you could think of
>>> it as "TLSS", parallel to "TLSA" for A/AAAA records). Personally
>>> I'm hoping to avoid that.
>>>
>>
>> I also think this becomes an operational nightmare for the source
>> domain admin.  Unless there is no derived domain, the source
>> domain admin would need to maintain constant vigilance of the
>> derived domain's certificates to ensure their "TLSA for SRV"
>> records are current against the derived domain's.
>
> Right. Furthermore, I don't think it's necessary. The DANE spec
> describes the first "field" in the prepared domain name as follows:
>
>   1.  The decimal representation of the port number on which a TLS-
>       based service is assumed to exist is prepended with an underscore
>       character ("_") to become the left-most label in the prepared
>       domain name.  This number has no leading zeros.
>
> Notice the "assumed to exist". We could interpret that as assuming the
> normal port, e.g., 5269 for XMPP s2s (since that's the port registered
> with IANA).
>

I think that would be fine for TLSA.  However, with "just" DNSSEC, I
don't see how the skeptical domain avoids the SRV lookup.  The signing
of the records is what proves (or disproves) the chain of trust.

DANE is some (potentially tasty) icing atop the DNSSEC cake, but you
still need the cake (-:


- m&m

Matt Miller - <mamille2@cisco.com>
Cisco Systems, Inc.


--Apple-Mail-39-6515326
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64
--Apple-Mail-39-6515326--

--Apple-Mail-40-6515349
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit


--Apple-Mail-40-6515349--

From fippo@mail.symlynx.com  Thu Jun  7 11:33:37 2012
Return-Path: <fippo@mail.symlynx.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5801D11E8107 for <xmpp@ietfa.amsl.com>; Thu,  7 Jun 2012 11:33:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 307hlGWB+GKE for <xmpp@ietfa.amsl.com>; Thu,  7 Jun 2012 11:33:35 -0700 (PDT)
Received: from lo.psyced.org (lost.IN.psyced.org [188.40.42.221]) by ietfa.amsl.com (Postfix) with ESMTP id EB99311E80ED for <xmpp@ietf.org>; Thu,  7 Jun 2012 11:33:32 -0700 (PDT)
Received: from [192.168.2.100] (p54972F0E.dip.t-dialin.net [84.151.47.14]) (authenticated bits=0) by lo.psyced.org (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id q57IXMZU024637 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 7 Jun 2012 20:33:28 +0200
Message-ID: <4FD0F3ED.2030303@mail.symlynx.com>
Date: Thu, 07 Jun 2012 20:33:17 +0200
From: Philipp Hancke <fippo@mail.symlynx.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: Matt Miller <mamille2@cisco.com>
References: <20120606153712.8378.19976.idtracker@ietfa.amsl.com> <903C2094-5EB3-4B6A-AB73-FAEC2582A847@cisco.com> <4FCF9012.40401@mail.symlynx.com> <4FCF9333.8010901@stpeter.im> <434B44DC-82B0-4714-91A7-E995F5A3E3BB@cisco.com> <4FCF9FF0.9040102@mail.symlynx.com> <4FCFA108.1090906@stpeter.im> <04639AAF-F461-496C-8419-738E9C32D1B2@cisco.com> <4FCFB617.4070003@stpeter.im> <C0887865-03BB-420D-9A18-65BF71435658@cisco.com>
In-Reply-To: <C0887865-03BB-420D-9A18-65BF71435658@cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jun 2012 18:33:37 -0000

On 07.06.2012 19:42, Matt Miller wrote:
>> Notice the "assumed to exist". We could interpret that as assuming the
>> normal port, e.g., 5269 for XMPP s2s (since that's the port registered
>> with IANA).
>>
>
> I think that would be fine for TLSA.  However, with "just" DNSSEC, I don't see how the skeptical domain avoids the SRV lookup.  The signing of the records is what proves (or disproves) the chain of trust.

You can't avoid them because you need it to get the derived domain name.
That is given for c2s or s2s client at the point when you're already 
connected but an extra step for the s2s server (it might be good to 
ignore s2s in this document and focus on c2s...).
Incidentally that gives us the port number and answers my initial question.


 > DANE is some (potentially tasty) icing atop the DNSSEC cake, but you
 > still need the cake (-:

No, those are different cakes.

In section 4

    7.  For each address record answer that is a provably secure, the TLS
        client SHOULD consider a connection to that derived domain as
        securely delegated;

This step is building the list of acceptable reference identifiers.

        when verifying the certificate (as described
        in [RFC6125]),

That is the match-seeking step.

        the TLS client SHOULD do so against the derived
        domain but MAY also verify the certificate against the source
        domain.

and this is again fiddling with the list of acceptable reference 
identifiers.


Now what DANE does is replacing the concept of reference identifiers and 
presented identifiers by the concept of the certificate association. 
Which of course can be considered as a different kind of reference 
identifiers and presented identifiers, but that's a different cake.

Speaking of which...

From stpeter@stpeter.im  Thu Jun  7 13:18:41 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4684211E8145 for <xmpp@ietfa.amsl.com>; Thu,  7 Jun 2012 13:18:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.839
X-Spam-Level: 
X-Spam-Status: No, score=-102.839 tagged_above=-999 required=5 tests=[AWL=-0.240, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7HiEKWsf8gaU for <xmpp@ietfa.amsl.com>; Thu,  7 Jun 2012 13:18:40 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id BF70811E80AA for <xmpp@ietf.org>; Thu,  7 Jun 2012 13:18:26 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 1ED7D400A4; Thu,  7 Jun 2012 14:35:20 -0600 (MDT)
Message-ID: <4FD10C90.2080404@stpeter.im>
Date: Thu, 07 Jun 2012 14:18:24 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120601 Thunderbird/13.0
MIME-Version: 1.0
To: Philipp Hancke <fippo@mail.symlynx.com>
References: <20120606153712.8378.19976.idtracker@ietfa.amsl.com> <903C2094-5EB3-4B6A-AB73-FAEC2582A847@cisco.com> <4FCF9012.40401@mail.symlynx.com> <4FCF9333.8010901@stpeter.im> <434B44DC-82B0-4714-91A7-E995F5A3E3BB@cisco.com> <4FCF9FF0.9040102@mail.symlynx.com> <4FCFA108.1090906@stpeter.im> <04639AAF-F461-496C-8419-738E9C32D1B2@cisco.com> <4FCFB617.4070003@stpeter.im> <C0887865-03BB-420D-9A18-65BF71435658@cisco.com> <4FD0F3ED.2030303@mail.symlynx.com>
In-Reply-To: <4FD0F3ED.2030303@mail.symlynx.com>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jun 2012 20:18:41 -0000

On 6/7/12 12:33 PM, Philipp Hancke wrote:
> On 07.06.2012 19:42, Matt Miller wrote:
>>> Notice the "assumed to exist". We could interpret that as assuming the
>>> normal port, e.g., 5269 for XMPP s2s (since that's the port registered
>>> with IANA).
>>>
>>
>> I think that would be fine for TLSA.  However, with "just" DNSSEC, I
>> don't see how the skeptical domain avoids the SRV lookup.  The signing
>> of the records is what proves (or disproves) the chain of trust.
> 
> You can't avoid them because you need it to get the derived domain name.
> That is given for c2s or s2s client at the point when you're already
> connected but an extra step for the s2s server (it might be good to
> ignore s2s in this document and focus on c2s...).
> Incidentally that gives us the port number and answers my initial
> question.
> 
> 
>> DANE is some (potentially tasty) icing atop the DNSSEC cake, but you
>> still need the cake (-:
> 
> No, those are different cakes.
> 
> In section 4
> 
>    7.  For each address record answer that is a provably secure, the TLS
>        client SHOULD consider a connection to that derived domain as
>        securely delegated;
> 
> This step is building the list of acceptable reference identifiers.
> 
>        when verifying the certificate (as described
>        in [RFC6125]),
> 
> That is the match-seeking step.
> 
>        the TLS client SHOULD do so against the derived
>        domain but MAY also verify the certificate against the source
>        domain.
> 
> and this is again fiddling with the list of acceptable reference
> identifiers.

Yes. I find it helpful to think in terms of reference identifiers (what
the initiating entity expects the server to be) and presented
identifiers (what the server claims to be in its certificate), but then
again I co-authored RFC 6125. :)

> Now what DANE does is replacing the concept of reference identifiers and
> presented identifiers by the concept of the certificate association.
> Which of course can be considered as a different kind of reference
> identifiers and presented identifiers, but that's a different cake.

Right: the term "certificate association" is another way to say that
the TLS client has been able to match its reference identifier(s) with
the TLS server's presented identifier(s). Or so it seems to me.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/





From stpeter@stpeter.im  Thu Jun  7 13:25:09 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE4F321F86F5 for <xmpp@ietfa.amsl.com>; Thu,  7 Jun 2012 13:25:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.834
X-Spam-Level: 
X-Spam-Status: No, score=-102.834 tagged_above=-999 required=5 tests=[AWL=-0.235, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mZqbtsQ9KHAz for <xmpp@ietfa.amsl.com>; Thu,  7 Jun 2012 13:25:08 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id A8C5421F86F1 for <xmpp@ietf.org>; Thu,  7 Jun 2012 13:25:08 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 2FDA8400A4 for <xmpp@ietf.org>; Thu,  7 Jun 2012 14:42:02 -0600 (MDT)
Message-ID: <4FD10E22.2000708@stpeter.im>
Date: Thu, 07 Jun 2012 14:25:06 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120601 Thunderbird/13.0
MIME-Version: 1.0
To: XMPP Working Group <xmpp@ietf.org>
References: <alpine.LSU.2.00.1206072004470.5807@hermes-2.csi.cam.ac.uk>
In-Reply-To: <alpine.LSU.2.00.1206072004470.5807@hermes-2.csi.cam.ac.uk>
X-Enigmail-Version: 1.4.2
X-Forwarded-Message-Id: <alpine.LSU.2.00.1206072004470.5807@hermes-2.csi.cam.ac.uk>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: [xmpp] Fwd: Re: [dane] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-00.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jun 2012 20:25:09 -0000

Just FYI, some discussion of this I-D is happening on the DANE WG list.

/psa

-------- Original Message --------
Subject: Re: [dane] Fwd: I-D Action:
draft-miller-xmpp-dnssec-prooftype-00.txt
Date: Thu, 7 Jun 2012 20:13:17 +0100
From: Tony Finch <dot@dotat.at>
To: Matt Miller <mamille2@cisco.com>, Peter Saint-Andre <stpeter@stpeter.im>
CC: IETF DANE WG list <dane@ietf.org>


This looks mostly good to me - it's going in pretty much the right
direction. By which I mean I am specifying basically the same
semantics for the MUA protocols :-)

The pragmatics of deployment are somewhat different between XMPP and
email, I think, since email deployments usually use certificates for the
server host names whereas XMPP deployments use certificates for the JID
domain. This might mean we have to specify different fallback behaviour. I
haven't pinned down the precise details yet.

Detailed comments and questions:


Section 4 (XMPP SRV + DNSSEC):

There is no mention of CNAME or DNAME indirections. They do not break the
model, provided the entire indirection chain is secure.

Bogus answers should be treated as security failures and cause the
client to abort. Insecure/indeterminate answers should be treated as
if DNSSEC were not present. At the moment the draft treats these the same.

Points 4,5,6: There is no need to check the security status of the SRV
target addresses, since the client is going to verify that the server's
certificate matches the SRV target host name.

Point 7: The client SHOULD check the source domain if the derived
domain doesn't match. Making the source check a MAY is too weak:
you don't want DNSSEC deployment to change a working configuration
into a broken one.


Section 5.1: What if the SRV records specify non-standard port numbers?
Or does "not been delegated" mean the same thing as "missing SRV records"?


Section 5.2: What port number should the client use in the TLSA query?
Should the setup be like this? (using a non-standard port for clarity)

_xmpp-client._tcp.im.example.com SRV 1 1 5555 im.example.com
_5555._tcp.im.example.com TLSA ...

Note that it is very unlikely for the SRV to be insecure but the TLSA to
be secure and therefore usable. Perhaps it would be simpler to specify
that DANE can't be used if the SRV record is not secure.


Section 5.3:

In this case the TLSA records should definitely be looked
up using the port numbers specified in the SRV records.
(That's what draft-ietf-dane-protocol section 3 says.)

The requirement to check the source domain if the TLSA records are
missing conflicts with section 4.

I wonder if there are situations where checking the source (as in 5.1)
can conflict with checking the target (as in 5.3). We need to be sure
that a service can easily change from one good configuration to
another good configuration without accidentally passing through a bad
configuration.


Section 5.4:

What is the point of omitting the name check in this case?
Alternatively, what is the point of including the name check in the
other DANE cases? My drafts say that name checks should still be
performed in the usual way, the idea being that DANE leads to
additional verification code paths rather than completely distinct
code paths.


Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Shannon, Rockall: North 6 to gale 8, backing northwest 5 to 7 later. Rough,
occasionally very rough in Shannon. Rain or showers. Moderate or good.
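
The lookup order discussed in this thread (SRV first, then a TLSA query at the SRV port and target, with bogus answers fatal and insecure or indeterminate answers handled as plain DNS) can be modelled as a pure function over the resolver's results. This is an added example, not code from the draft or from any participant; the names `Dnssec`, `Srv`, `Candidate`, `plan_connection` and `tlsa_owner_name`, the host `xmpp.hosting.example`, and the use of the registered port on the source domain when no SRV record exists are assumptions, and SRV weight randomisation is replaced by a fixed ordering.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Sequence


class Dnssec(Enum):
    """Validation outcome a validating resolver reports for one answer."""
    SECURE = "secure"
    INSECURE = "insecure"
    INDETERMINATE = "indeterminate"
    BOGUS = "bogus"


# IANA-registered ports, used only when no SRV record supplies one (assumption).
DEFAULT_PORTS = {"xmpp-client": 5222, "xmpp-server": 5269}


class SecurityFailure(Exception):
    """The resolver reported a bogus answer; the connection must not proceed."""


@dataclass(frozen=True)
class Srv:
    priority: int
    weight: int
    port: int
    target: str


@dataclass(frozen=True)
class Candidate:
    host: str                 # where to open the TCP connection
    port: int
    tlsa_name: Optional[str]  # owner name for the TLSA query; None if DANE is unusable
    reference_ids: tuple      # names the certificate may match, most preferred first


def _norm(name: str) -> str:
    """Compare DNS names without the trailing root dot and case-insensitively."""
    return name.rstrip(".").lower()


def tlsa_owner_name(port: int, host: str, proto: str = "tcp") -> str:
    """Build the prepared domain name: _<port>._<proto>.<host>, no leading zeros."""
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return f"_{port}._{proto}.{_norm(host)}"


def plan_connection(source: str, service: str, srv_status: Dnssec,
                    srv_records: Sequence[Srv]) -> List[Candidate]:
    """Decide where to connect, which TLSA name to query, and which names to accept."""
    if srv_status is Dnssec.BOGUS:
        # A bogus answer is a security failure, not a reason to fall back.
        raise SecurityFailure(f"bogus SRV answer for {source}")

    # Insecure and indeterminate answers are handled as if DNSSEC were absent:
    # the SRV target is only a routing hint and the certificate must match
    # the source domain. DANE is not attempted below an unsigned SRV.
    secure = srv_status is Dnssec.SECURE
    source = _norm(source)

    if not srv_records:
        port = DEFAULT_PORTS[service]
        tlsa = tlsa_owner_name(port, source) if secure else None
        return [Candidate(source, port, tlsa, (source,))]

    if len(srv_records) == 1 and srv_records[0].target == ".":
        return []  # RFC 2782: the service is decidedly not offered here

    plan = []
    # Fixed ordering stands in for RFC 2782 weighted selection.
    for rr in sorted(srv_records, key=lambda r: (r.priority, -r.weight)):
        host = _norm(rr.target)
        if secure:
            # Securely delegated: accept the derived name, then the source name.
            refs = (host,) if host == source else (host, source)
            plan.append(Candidate(host, rr.port, tlsa_owner_name(rr.port, host), refs))
        else:
            plan.append(Candidate(host, rr.port, None, (source,)))
    return plan


if __name__ == "__main__":
    # Constructed sample: the SRV/TLSA pair from the forwarded review.
    for c in plan_connection("im.example.com", "xmpp-client", Dnssec.SECURE,
                             [Srv(1, 1, 5555, "im.example.com")]):
        print(c)
```
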



From mamille2@cisco.com  Fri Jun  8 13:27:40 2012
Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4095511E8176 for <xmpp@ietfa.amsl.com>; Fri,  8 Jun 2012 13:27:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.467
X-Spam-Level: 
X-Spam-Status: No, score=-10.467 tagged_above=-999 required=5 tests=[AWL=0.132, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IQOCh3fZdm8M for <xmpp@ietfa.amsl.com>; Fri,  8 Jun 2012 13:27:39 -0700 (PDT)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by ietfa.amsl.com (Postfix) with ESMTP id 8B33811E816D for <xmpp@ietf.org>; Fri,  8 Jun 2012 13:27:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=mamille2@cisco.com; l=6108; q=dns/txt; s=iport; t=1339187259; x=1340396859; h=from:subject:date:references:to:message-id:mime-version: content-transfer-encoding; bh=W4/6mDR5i8unE1LBw36U9fxq8UDz3eFf2yf3B3hQzxk=; b=aPLNoqa1EptiW7y0tGtXLWnsqLCI/tJtIAk5b1y9GAS2+1YTUVKSQRD9 JlABBfwgAiiyAB8n+F7F19TjKNL0nMaMVikcldx1se/w3fR0P437iAkDS YYf2j/6fD5ZYFuI8M9qWhjREzHriLpcCFnkhumfcPyOWRBs/nIpwPWCG/ 0=;
X-Files: smime.p7s, PGP.sig : 2214, 535
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAPte0k+rRDoG/2dsb2JhbABFtFeBB4IYAQEBAwEBAQEPAVsQCxwDAQIvAiUfBwIIBhMJGYdkBAELmQ+fYYsmhSBgA4hAhXiGZoVThS6DFIFmgn8
X-IronPort-AV: E=Sophos;i="4.75,738,1330905600";  d="sig'?p7s'?scan'208";a="48150896"
Received: from mtv-core-1.cisco.com ([171.68.58.6]) by mtv-iport-4.cisco.com with ESMTP; 08 Jun 2012 20:27:36 +0000
Received: from [64.101.72.35] ([64.101.72.35]) by mtv-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id q58KRZ3r023000 for <xmpp@ietf.org>; Fri, 8 Jun 2012 20:27:35 GMT
From: Matt Miller <mamille2@cisco.com>
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-54-102822266"
Date: Fri, 8 Jun 2012 14:27:54 -0600
References: <20120608202212.8859.65155.idtracker@ietfa.amsl.com>
To: XMPP Working Group <xmpp@ietf.org>
Message-Id: <A14A8C98-F762-4C96-9895-50DB6DFEF973@cisco.com>
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Transfer-Encoding: 7bit
X-Pgp-Agent: GPGMail 1.3.3
X-Mailer: Apple Mail (2.1084)
Subject: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-01.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2012 20:27:40 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-54-102822266
Content-Type: multipart/signed; boundary=Apple-Mail-53-102822264; protocol="application/pkcs7-signature"; micalg=sha1


--Apple-Mail-53-102822264
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

FYI, version -01 published based on feedback.


- m&m

Matt Miller - <mamille2@cisco.com>
Cisco Systems, Inc.

Begin forwarded message:

> From: internet-drafts@ietf.org
> Date: June 8, 2012 14:22:12 MDT
> To: i-d-announce@ietf.org
> Subject: I-D Action: draft-miller-xmpp-dnssec-prooftype-01.txt
> Reply-To: internet-drafts@ietf.org
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
> 	Title           : Using DNSSEC and DANE as a Prooftype for XMPP Delegation
> 	Author(s)       : Matthew Miller
>                          Peter Saint-Andre
> 	Filename        : draft-miller-xmpp-dnssec-prooftype-01.txt
> 	Pages           : 7
> 	Date            : 2012-06-08
>
>   This document specifies how to use DNSSEC and DANE to securely
>   delegate an XMPP service identified by a domain to a host associated
>   with a different domain.
>
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-miller-xmpp-dnssec-prooftype-01.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> This Internet-Draft can be retrieved at:
> ftp://ftp.ietf.org/internet-drafts/draft-miller-xmpp-dnssec-prooftype-01.txt
>
> The IETF datatracker page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-miller-xmpp-dnssec-prooftype/
>
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


--Apple-Mail-53-102822264
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64
--Apple-Mail-53-102822264--

--Apple-Mail-54-102822266
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit


--Apple-Mail-54-102822266--

From stpeter@stpeter.im  Mon Jun 18 13:52:31 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80E8821F85F2 for <xmpp@ietfa.amsl.com>; Mon, 18 Jun 2012 13:52:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.14
X-Spam-Level: 
X-Spam-Status: No, score=-102.14 tagged_above=-999 required=5 tests=[AWL=-0.141, BAYES_00=-2.599, J_CHICKENPOX_73=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WJmybncQ2Gm0 for <xmpp@ietfa.amsl.com>; Mon, 18 Jun 2012 13:52:29 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 5735F21F85F7 for <xmpp@ietf.org>; Mon, 18 Jun 2012 13:52:29 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 81FB040075 for <xmpp@ietf.org>; Mon, 18 Jun 2012 15:09:57 -0600 (MDT)
Message-ID: <4FDF950B.4060706@stpeter.im>
Date: Mon, 18 Jun 2012 14:52:27 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120601 Thunderbird/13.0
MIME-Version: 1.0
To: XMPP Working Group <xmpp@ietf.org>
References: <4FDF94BF.1090103@stpeter.im>
In-Reply-To: <4FDF94BF.1090103@stpeter.im>
X-Enigmail-Version: 1.4.2
X-Forwarded-Message-Id: <4FDF94BF.1090103@stpeter.im>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: [xmpp] Fwd: Re: [jdev] xsd's that don't validate
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jun 2012 20:52:31 -0000

FYI, this is a copy-and-paste error in RFC 6120. That is, the following
snippet of the jabber-server schema is extraneous:

  <xs:element name='subject'>
    <xs:complexType>
      <xs:simpleContent>
        <xs:extension base='xs:NMTOKEN'>
          <xs:attribute name='parent'
                        type='xs:NMTOKEN'
                        use='optional'/>
        </xs:extension>
      </xs:simpleContent>
    </xs:complexType>
  </xs:element>

/psa

-------- Original Message --------
Subject: Re: [jdev] xsd's that don't validate
Date: Mon, 18 Jun 2012 14:51:11 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
Reply-To: Jabber/XMPP software development list <jdev@jabber.org>
To: Jabber/XMPP software development list <jdev@jabber.org>

On 6/18/12 2:41 PM, Peter Saint-Andre wrote:
> On 6/18/12 2:13 PM, Ralph Carlson wrote:
>> I added a missing ' to streams.xsd , after that I got an error about
>> the two subject elements in jabber-server.xsd (below) sounds like it
>> might not be a quick fix for me, I can bypass using these for now
>>
>> SystemID: http://xmpp.org/schemas/jabber-server.xsd Location: 87:20 
>> Description: sch-props-correct.2: A schema cannot contain two global
>> components with the same name; this schema contains two occurrences
>> of 'jabber:server,subject'. URL:
>> http://www.w3.org/TR/xmlschema-1/#sch-props-correct
> 
> That appears to have been a copy-and-paste error in RFC 6121.

Actually, RFC 6120, not RFC 6121.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/




_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe@jabber.org
_______________________________________________
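
The duplicate-declaration error reported in the message above (sch-props-correct.2), as an added example that is not part of the original thread or of the RFC: a Python check that flags global schema components declared twice in the same symbol space. The surrounding schema is constructed for illustration; only the second `subject` declaration is the snippet quoted in the message.

```python
import xml.etree.ElementTree as ET
from collections import Counter

XS = "http://www.w3.org/2001/XMLSchema"

# XSD symbol spaces: two global components clash only when they share
# both a name and a symbol space. simpleType and complexType share one.
SYMBOL_SPACE = {
    "element": "element",
    "attribute": "attribute",
    "simpleType": "type",
    "complexType": "type",
    "group": "group",
    "attributeGroup": "attributeGroup",
    "notation": "notation",
}


def duplicate_globals(xsd_text):
    """Return sorted (symbol_space, 'targetNamespace,name') pairs that are
    declared more than once as direct children of <xs:schema>."""
    root = ET.fromstring(xsd_text)
    if root.tag != "{%s}schema" % XS:
        raise ValueError("not an XML Schema document")
    tns = root.get("targetNamespace", "")
    counts = Counter()
    for child in root:  # direct children only: these are the global components
        ns, _, local = child.tag[1:].partition("}")
        if ns != XS:
            continue
        space = SYMBOL_SPACE.get(local)
        name = child.get("name")
        if space and name:
            counts[(space, "%s,%s" % (tns, name))] += 1
    return sorted(key for key, n in counts.items() if n > 1)


# The declaration the message calls extraneous (quoted from the thread).
EXTRANEOUS = """
  <xs:element name='subject'>
    <xs:complexType>
      <xs:simpleContent>
        <xs:extension base='xs:NMTOKEN'>
          <xs:attribute name='parent'
                        type='xs:NMTOKEN'
                        use='optional'/>
        </xs:extension>
      </xs:simpleContent>
    </xs:complexType>
  </xs:element>
"""

# Constructed stand-in for the rest of the schema (not the real
# jabber-server.xsd): one earlier global 'subject' element, plus a type
# named 'subject' to show that a different symbol space does not clash.
SAMPLE = (
    "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'\n"
    "           targetNamespace='jabber:server'\n"
    "           elementFormDefault='qualified'>\n"
    "  <xs:element name='subject' type='xs:string'/>\n"
    "  <xs:element name='body' type='xs:string'/>\n"
    "  <xs:complexType name='subject'/>\n"
    + EXTRANEOUS +
    "</xs:schema>\n"
)

if __name__ == "__main__":
    for space, qname in duplicate_globals(SAMPLE):
        print("duplicate global %s: %s" % (space, qname))
```
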



From mamille2@cisco.com  Fri Jun 22 06:19:41 2012
Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE17121F8596 for <xmpp@ietfa.amsl.com>; Fri, 22 Jun 2012 06:19:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level: 
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DBOrtmybfoDf for <xmpp@ietfa.amsl.com>; Fri, 22 Jun 2012 06:19:41 -0700 (PDT)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by ietfa.amsl.com (Postfix) with ESMTP id E8E3D21F8592 for <xmpp@ietf.org>; Fri, 22 Jun 2012 06:19:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=mamille2@cisco.com; l=6237; q=dns/txt; s=iport; t=1340371181; x=1341580781; h=from:subject:date:references:to:message-id:mime-version: content-transfer-encoding; bh=jdTTT30uS8XIFs9SJoAjFkxbVaAUgVZNC3zvEkec1Lo=; b=lzwo83ImYmsA44zZWn+jD/Atm+tATLC9qTVQcUiU3EaHhjtE3IBynZvY aP6BbzTeNDuhY6RUnKsJv6q8Gx7TFmxfK9cdTKl9tpFRX89B1ByPRrVLH AmGHWRHimqakpHOKGXg1zM5XOm79lN07q1KiCTRTThBQ6JGYzAPHIKmKZ 4=;
X-Files: smime.p7s, PGP.sig : 2214, 535
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAMNv5E+rRDoJ/2dsb2JhbABFtWSBB4IYAQEBAwEBAQEPAVsQCxwDAQIvAiUfBwIIBhMJGYdkBAELmXGgCosuhSJgA4hHhX2GaIEShESFL4MWgWaCfg
X-IronPort-AV: E=Sophos;i="4.77,458,1336348800";  d="sig'?p7s'?scan'208";a="49800883"
Received: from mtv-core-4.cisco.com ([171.68.58.9]) by mtv-iport-4.cisco.com with ESMTP; 22 Jun 2012 13:19:40 +0000
Received: from [64.101.72.35] ([64.101.72.35]) by mtv-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id q5MDJeOX020555 for <xmpp@ietf.org>; Fri, 22 Jun 2012 13:19:40 GMT
From: Matt Miller <mamille2@cisco.com>
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-18--860751786"
Date: Fri, 22 Jun 2012 07:19:44 -0600
References: <20120622130024.28609.34390.idtracker@ietfa.amsl.com>
To: XMPP Working Group <xmpp@ietf.org>
Message-Id: <FBCA0A59-42E8-4275-8D09-6F4DADDAE214@cisco.com>
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Transfer-Encoding: 7bit
X-Pgp-Agent: GPGMail 1.3.3
X-Mailer: Apple Mail (2.1084)
Subject: [xmpp] Fwd: I-D Action: draft-miller-xmpp-e2e-01.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jun 2012 13:19:41 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-18--860751786
Content-Type: multipart/signed; boundary=Apple-Mail-17--860751808; protocol="application/pkcs7-signature"; micalg=sha1


--Apple-Mail-17--860751808
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

I've updated my XMPP E2E proposal.  Major changes from previous are:

* updated to latest JOSE specs
* section on decryption
* some discussion on content key re-use (lifetime, scope)

Still outstanding are:

* signing (starting work on that now)
* PKI management?


- m&m

Matt Miller - <mamille2@cisco.com>
Cisco Systems, Inc.


Begin forwarded message:

> From: internet-drafts@ietf.org
> Date: June 22, 2012 07:00:24 MDT
> To: i-d-announce@ietf.org
> Subject: I-D Action: draft-miller-xmpp-e2e-01.txt
> Reply-To: internet-drafts@ietf.org
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
>
> 	Title           : End-to-End Object Encryption for the Extensible Messaging and Presence Protocol (XMPP)
> 	Author(s)       : Matthew Miller
> 	Filename        : draft-miller-xmpp-e2e-01.txt
> 	Pages           : 22
> 	Date            : 2012-06-21
>
> Abstract:
>   This document defines a method of end-to-end object encryption for
>   the Extensible Messaging and Presence Protocol (XMPP).
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-miller-xmpp-e2e
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-miller-xmpp-e2e-01
>
> A diff from previous version is available at:
> http://tools.ietf.org/rfcdiff?url2=draft-miller-xmpp-e2e-01
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


--Apple-Mail-17--860751808
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail-17--860751808--

--Apple-Mail-18--860751786
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit


--Apple-Mail-18--860751786--

From mamille2@cisco.com  Fri Jun 22 16:46:44 2012
Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11A9411E8096 for <xmpp@ietfa.amsl.com>; Fri, 22 Jun 2012 16:46:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.586
X-Spam-Level: 
X-Spam-Status: No, score=-10.586 tagged_above=-999 required=5 tests=[AWL=0.013, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1tCS5DtrlHh6 for <xmpp@ietfa.amsl.com>; Fri, 22 Jun 2012 16:46:43 -0700 (PDT)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by ietfa.amsl.com (Postfix) with ESMTP id 51A6611E8095 for <xmpp@ietf.org>; Fri, 22 Jun 2012 16:46:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=mamille2@cisco.com; l=6755; q=dns/txt; s=iport; t=1340408803; x=1341618403; h=from:mime-version:subject:date:in-reply-to:to:references: message-id:content-transfer-encoding; bh=55HV7wkYl6CvFCu/K6CJcNMiQ3q01+AcfhXckMIa1J0=; b=WWKWJpFX4VLqg8DQh4zRGL1t6kOK4VN5ihfUy0cXRK9XGhcvVcctbjbx Iju67vNY06aMRqZ7IX7+GqrvgyS3IAEwmIKDryrMn9NdWB0KlTtrtWIUr BH48RecsK0S66qfIE7ljiNT6xN0DreZVYVu3ze06sAQKLatjzJZ7G8C7+ 0=;
X-Files: smime.p7s, PGP.sig : 2214, 535
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAPQC5U+rRDoI/2dsb2JhbABFtWeBB4IYAQEBAwEBAQEPAVsQCwsRAwECLwIlHwkIBhMJGYdkBAELmiifYYsuGoUIYAOIR4V9hmiBEoREhS+DFoFmgn6BQA
X-IronPort-AV: E=Sophos;i="4.77,460,1336348800";  d="sig'?p7s'?scan'208";a="49847004"
Received: from mtv-core-3.cisco.com ([171.68.58.8]) by mtv-iport-4.cisco.com with ESMTP; 22 Jun 2012 23:46:43 +0000
Received: from [64.101.72.35] ([64.101.72.35]) by mtv-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id q5MNkgkp025122 for <xmpp@ietf.org>; Fri, 22 Jun 2012 23:46:42 GMT
From: Matt Miller <mamille2@cisco.com>
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-51--823129417"
Date: Fri, 22 Jun 2012 17:46:46 -0600
In-Reply-To: <FBCA0A59-42E8-4275-8D09-6F4DADDAE214@cisco.com>
To: XMPP Working Group <xmpp@ietf.org>
References: <20120622130024.28609.34390.idtracker@ietfa.amsl.com> <FBCA0A59-42E8-4275-8D09-6F4DADDAE214@cisco.com>
Message-Id: <BABA769E-9137-4207-AB6B-4A7118A33C51@cisco.com>
Content-Transfer-Encoding: 7bit
X-Pgp-Agent: GPGMail 1.3.3
X-Mailer: Apple Mail (2.1084)
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-e2e-01.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jun 2012 23:46:44 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-51--823129417
Content-Type: multipart/signed; boundary=Apple-Mail-50--823129420; protocol="application/pkcs7-signature"; micalg=sha1


--Apple-Mail-50--823129420
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

There is discussion of this on the JOSE WG at the moment; start at
< http://www.ietf.org/mail-archive/web/jose/current/msg00712.html > and
walk by date.


- m&m

Matt Miller - <mamille2@cisco.com>
Cisco Systems, Inc.

On Jun 22, 2012, at 07:19, Matt Miller wrote:

> I've updated my XMPP E2E proposal.  Major changes from previous are:
>
> * updated to latest JOSE specs
> * section on decryption
> * some discussion on content key re-use (lifetime, scope)
>
> Still outstanding are:
>
> * signing (starting work on that now)
> * PKI management?
>
>
> - m&m
>
> Matt Miller - <mamille2@cisco.com>
> Cisco Systems, Inc.
>
>
> Begin forwarded message:
>
>> From: internet-drafts@ietf.org
>> Date: June 22, 2012 07:00:24 MDT
>> To: i-d-announce@ietf.org
>> Subject: I-D Action: draft-miller-xmpp-e2e-01.txt
>> Reply-To: internet-drafts@ietf.org
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>>
>> 	Title           : End-to-End Object Encryption for the Extensible Messaging and Presence Protocol (XMPP)
>> 	Author(s)       : Matthew Miller
>> 	Filename        : draft-miller-xmpp-e2e-01.txt
>> 	Pages           : 22
>> 	Date            : 2012-06-21
>>
>> Abstract:
>>  This document defines a method of end-to-end object encryption for
>>  the Extensible Messaging and Presence Protocol (XMPP).
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-miller-xmpp-e2e
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-miller-xmpp-e2e-01
>>
>> A diff from previous version is available at:
>> http://tools.ietf.org/rfcdiff?url2=draft-miller-xmpp-e2e-01
>>
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> I-D-Announce mailing list
>> I-D-Announce@ietf.org
>> https://www.ietf.org/mailman/listinfo/i-d-announce
>> Internet-Draft directories: http://www.ietf.org/shadow.html
>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
> _______________________________________________
> xmpp mailing list
> xmpp@ietf.org
> https://www.ietf.org/mailman/listinfo/xmpp


--Apple-Mail-50--823129420
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64


--Apple-Mail-50--823129420--

--Apple-Mail-51--823129417
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit


--Apple-Mail-51--823129417--

From metajack@gmail.com  Mon Jun 25 14:55:07 2012
Return-Path: <metajack@gmail.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 295C611E80C0; Mon, 25 Jun 2012 14:55:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level: 
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WQOnI5PYihwa; Mon, 25 Jun 2012 14:55:06 -0700 (PDT)
Received: from mail-qa0-f44.google.com (mail-qa0-f44.google.com [209.85.216.44]) by ietfa.amsl.com (Postfix) with ESMTP id 6455511E808C; Mon, 25 Jun 2012 14:55:06 -0700 (PDT)
Received: by qadz3 with SMTP id z3so1616388qad.10 for <multiple recipients>; Mon, 25 Jun 2012 14:55:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=uMIkcTPNZNIMRXfM2GQAh7zFVoh/H/Pb13J/0uLn7i4=; b=ShdmzzOgEskLZxFcA/tRsXkOxJHU+yhw6evB5pUsbmFzRrUHTEk1MBenpmRsEedYgq EY2pFSOiAU/Sc5yVFBMRZFcUDAxdJJQj9POJPi7/e1eV8sOyDNPiobxPw1j3QiJosJ08 Wenm2C3K8RuKL7dC9niJdXccER6slMeCDfHMKYlPUEN04Nt8cTnwlr1PJxNFhEInKzyW rkkJA15KBsC0Ei0eBbN/+vPDj4ysWcnJEr9JJWx2WexJNHVSTxh8LN7oM2hEfv0vjAFT 7Hs3/I0iTvrz3dEL/X0rwW7HtxgOARm3zr9AYUkhNXxtFPmVHXTk+hCI2eGIG+BUU91z pygw==
MIME-Version: 1.0
Received: by 10.224.40.2 with SMTP id i2mr22420149qae.62.1340661305735; Mon, 25 Jun 2012 14:55:05 -0700 (PDT)
Sender: metajack@gmail.com
Received: by 10.229.246.7 with HTTP; Mon, 25 Jun 2012 14:55:05 -0700 (PDT)
In-Reply-To: <20120625215354.8426.66267.idtracker@ietfa.amsl.com>
References: <20120625215354.8426.66267.idtracker@ietfa.amsl.com>
Date: Mon, 25 Jun 2012 15:55:05 -0600
X-Google-Sender-Auth: dQdcJvxoBVOUzXq6_4C2dCOgS3U
Message-ID: <CAP7VpsU_C_9_=tiqqTVDAzfJOdQiq5nM14wZP6Sh7U2dBNdzOQ@mail.gmail.com>
From: Jack Moffitt <jack@metajack.im>
To: XMPP <xmpp@ietf.org>, Hybi <hybi@ietf.org>,  "Jabber/XMPP software development list" <jdev@jabber.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: [xmpp] Fwd: New Version Notification for draft-moffitt-xmpp-over-websocket-01.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jun 2012 21:55:07 -0000

I've just updated and submitted a new draft.

The changes are fairly minor, mostly clarification of a few things
that were pointed out in the last draft and updated references.

Please let me know if you have any comments.

jack.


---------- Forwarded message ----------
From:  <internet-drafts@ietf.org>
Date: Mon, Jun 25, 2012 at 3:53 PM
Subject: New Version Notification for draft-moffitt-xmpp-over-websocket-01.txt
To: jack@metajack.im
Cc: ecestari@process-one.com



A new version of I-D, draft-moffitt-xmpp-over-websocket-01.txt
has been successfully submitted by Jack Moffitt and posted to the
IETF repository.

Filename:        draft-moffitt-xmpp-over-websocket
Revision:        01
Title:           An XMPP Sub-protocol for WebSocket
Creation date:   2012-06-25
WG ID:           Individual Submission
Number of pages: 12
URL:
http://www.ietf.org/internet-drafts/draft-moffitt-xmpp-over-websocket-01.txt
Status:
http://datatracker.ietf.org/doc/draft-moffitt-xmpp-over-websocket
Htmlized:        http://tools.ietf.org/html/draft-moffitt-xmpp-over-websocket-01
Diff:
http://tools.ietf.org/rfcdiff?url2=draft-moffitt-xmpp-over-websocket-01

Abstract:
  This document defines a binding for the XMPP protocol over a
  WebSocket transport layer.  A WebSocket binding for XMPP provides
  higher performance than the current HTTP binding for XMPP.




The IETF Secretariat

From stpeter@stpeter.im  Tue Jun 26 13:58:47 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 174D011E80CC for <xmpp@ietfa.amsl.com>; Tue, 26 Jun 2012 13:58:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.48
X-Spam-Level: 
X-Spam-Status: No, score=-102.48 tagged_above=-999 required=5 tests=[AWL=0.119, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dKNq175EvjSs for <xmpp@ietfa.amsl.com>; Tue, 26 Jun 2012 13:58:46 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 41F9D21F84DD for <xmpp@ietf.org>; Tue, 26 Jun 2012 13:58:46 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 54F804005A for <xmpp@ietf.org>; Tue, 26 Jun 2012 15:16:39 -0600 (MDT)
Message-ID: <4FEA2284.70105@stpeter.im>
Date: Tue, 26 Jun 2012 14:58:44 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: XMPP Working Group <xmpp@ietf.org>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: [xmpp] SIP-XMPP mapping specs
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jun 2012 20:58:47 -0000

Recently I've received expressions of interest in reviving and
finalizing the SIP-XMPP mapping specifications. In rough order of
maturity they are:

http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-core/
http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-presence/
http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-im/
http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-chat/
http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-groupchat/
http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-media/

If anyone here would like to provide feedback on these specs, I would
appreciate hearing about it off-list so that I can determine if there's
energy enough to move them forward somehow (that might not be in the
XMPP WG, although there's an item on the WG's charter to "define a
framework within which this work could be completed").

Thanks!

Peter

-- 
Peter Saint-Andre
https://stpeter.im/




From zash@zash.se  Tue Jun 26 18:27:28 2012
Return-Path: <zash@zash.se>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF5F311E8101; Tue, 26 Jun 2012 18:27:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level: 
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pTVYQ-PEDdsm; Tue, 26 Jun 2012 18:27:27 -0700 (PDT)
Received: from mail.zash.se (ip66.hethane.riksnet.nu [85.11.25.66]) by ietfa.amsl.com (Postfix) with ESMTP id 6D55711E8085; Tue, 26 Jun 2012 18:27:27 -0700 (PDT)
Received: from [77.110.10.237] (ip3-237.bon.riksnet.se [77.110.10.237]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: zash) by mail.zash.se (Postfix) with ESMTPSA id AB37460EDC; Wed, 27 Jun 2012 03:27:23 +0200 (CEST)
Message-ID: <4FEA616B.6040201@zash.se>
Date: Wed, 27 Jun 2012 03:27:07 +0200
From: Kim Alvefur <zash@zash.se>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: Jack Moffitt <jack@metajack.im>
References: <20120625215354.8426.66267.idtracker@ietfa.amsl.com> <CAP7VpsU_C_9_=tiqqTVDAzfJOdQiq5nM14wZP6Sh7U2dBNdzOQ@mail.gmail.com>
In-Reply-To: <CAP7VpsU_C_9_=tiqqTVDAzfJOdQiq5nM14wZP6Sh7U2dBNdzOQ@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig42AD266655FDDD60C69669DF"
Cc: Hybi <hybi@ietf.org>, Jabber/XMPP software development list <jdev@jabber.org>, XMPP <xmpp@ietf.org>
Subject: Re: [xmpp] Fwd: New Version Notification for draft-moffitt-xmpp-over-websocket-01.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2012 01:27:28 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig42AD266655FDDD60C69669DF
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 2012-06-25T23:55:05 CEST, Jack Moffitt wrote:
> I've just updated and submitted a new draft.
>
> The changes are fairly minor, mostly clarification of a few things
> that were pointed out in the last draft and updated references.

Great to see things moving again!

> Please let me know if you have any comments.

> TLS cannot be used in The XMPP sub-protocol because the sub-protocol
> does not allow for raw binary data to be sent.

This is no longer correct, you can now send binary data.  Not that it
makes TLS over WS (over SSL) a good idea.   I expected a pointer
towards wss instead.  Also applies to Security Considerations.

> Examples will be added as soon as the WebSocket protocol
> specification is more stable.

More stable than a published RFC? ;)

> If a registry is created for WebSocket sub-protocols, the xmpp sub-
> protocol will be registered.

There was.


--------------enig42AD266655FDDD60C69669DF--

From stpeter@stpeter.im  Tue Jun 26 20:31:50 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 404C321F84CF for <xmpp@ietfa.amsl.com>; Tue, 26 Jun 2012 20:31:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.487
X-Spam-Level: 
X-Spam-Status: No, score=-102.487 tagged_above=-999 required=5 tests=[AWL=0.113, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QjkRsspAwHE4 for <xmpp@ietfa.amsl.com>; Tue, 26 Jun 2012 20:31:48 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 6B00221F84BF for <xmpp@ietf.org>; Tue, 26 Jun 2012 20:31:48 -0700 (PDT)
Received: from [192.168.0.9] (unknown [216.17.179.227]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 8B71A4005A; Tue, 26 Jun 2012 21:49:41 -0600 (MDT)
Message-ID: <4FEA7EA1.7060004@stpeter.im>
Date: Tue, 26 Jun 2012 21:31:45 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Kim Alvefur <zash@zash.se>
References: <20120625215354.8426.66267.idtracker@ietfa.amsl.com> <CAP7VpsU_C_9_=tiqqTVDAzfJOdQiq5nM14wZP6Sh7U2dBNdzOQ@mail.gmail.com> <4FEA616B.6040201@zash.se>
In-Reply-To: <4FEA616B.6040201@zash.se>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: XMPP <xmpp@ietf.org>
Subject: Re: [xmpp] Fwd: New Version Notification for draft-moffitt-xmpp-over-websocket-01.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2012 03:31:50 -0000

On 6/26/12 7:27 PM, Kim Alvefur wrote:
> On 2012-06-25T23:55:05 CEST, Jack Moffitt wrote:
>> I've just updated and submitted a new draft.
>>
>> The changes are fairly minor, mostly clarification of a few things
>> that were pointed out in the last draft and updated references.
> 
> Great to see things moving again!
> 
>> Please let me know if you have any comments.
> 
>> TLS cannot be used in The XMPP sub-protocol because the sub-protocol
>> does not allow for raw binary data to be sent.
> 
> This is no longer correct, you can now send binary data.  Not that it 
> makes TLS over WS (over SSL) a good idea. 

Agreed.

>  I expected a pointer 
> towards wss instead.  Also applies to Security Considerations.
> 
>> Examples will be added as soon as the WebSocket protocol
>> specification is more stable.
> 
> More stable than a published RFC? ;)
> 
>> If a registry is created for WebSocket sub-protocols, the xmpp sub-
>> protocol will be registered.
> 
> There was.

http://www.iana.org/assignments/websocket/websocket.xml

The registration policy is first come first served, so this sub-protocol
could be registered now if desired.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/





From mamille2@cisco.com  Wed Jun 27 09:19:41 2012
Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D95A221F8741 for <xmpp@ietfa.amsl.com>; Wed, 27 Jun 2012 09:19:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.299
X-Spam-Level: 
X-Spam-Status: No, score=-10.299 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pQhKaTofAEdk for <xmpp@ietfa.amsl.com>; Wed, 27 Jun 2012 09:19:40 -0700 (PDT)
Received: from mtv-iport-3.cisco.com (mtv-iport-3.cisco.com [173.36.130.14]) by ietfa.amsl.com (Postfix) with ESMTP id D338421F86F2 for <xmpp@ietf.org>; Wed, 27 Jun 2012 09:19:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=mamille2@cisco.com; l=5443; q=dns/txt; s=iport; t=1340813980; x=1342023580; h=subject:mime-version:from:in-reply-to:date:cc:message-id: references:to:content-transfer-encoding; bh=ps+9ni176eWmm9T2B1Jtbs0530fO4n+XOhh0mQnTN1I=; b=equdaXhMc/evuIrsn1QEimafRBJm6dpRQ6yh6xLm4ZmEr+J5Dcn6W+bE jIZcOoduyrtWBevGh+KtltSUam+n7g93ExsnASNLNWz8NZhqlH1eoKKaX t5NSrh2W6Yr2uazSpaAJVRTm+LrblBcjGjcdzVTBzUA8c+TevCb2jXtl5 E=;
X-Files: smime.p7s, PGP.sig : 2214, 535
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EAEsy60+rRDoJ/2dsb2JhbABFtimBB4IYAQEBAwESAWYFCwsOOAJVBhMih2QEmTSgR4s3hSpgA4hKhX2Ga44dgWaCfg
X-IronPort-AV: E=Sophos;i="4.77,483,1336348800";  d="sig'?p7s'?scan'208";a="47792346"
Received: from mtv-core-4.cisco.com ([171.68.58.9]) by mtv-iport-3.cisco.com with ESMTP; 27 Jun 2012 16:19:40 +0000
Received: from sjc-vpn7-1229.cisco.com (sjc-vpn7-1229.cisco.com [10.21.148.205]) by mtv-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id q5RGJeEJ008568; Wed, 27 Jun 2012 16:19:40 GMT
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-4--417957128"
From: Matt Miller <mamille2@cisco.com>
In-Reply-To: <alpine.DEB.1.10.1206271649070.17671@lo.psyced.org>
Date: Wed, 27 Jun 2012 10:19:39 -0600
Message-Id: <4975B6EA-000B-4C23-9D8F-47184E5BC126@cisco.com>
References: <20120608202212.8859.65155.idtracker@ietfa.amsl.com> <A14A8C98-F762-4C96-9895-50DB6DFEF973@cisco.com> <alpine.DEB.1.10.1206271649070.17671@lo.psyced.org>
To: Philipp Hancke <fippo@goodadvice.pages.de>
Content-Transfer-Encoding: 7bit
X-Pgp-Agent: GPGMail 1.3.3
X-Mailer: Apple Mail (2.1084)
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-01.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2012 16:19:42 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-4--417957128
Content-Type: multipart/signed; boundary=Apple-Mail-3--417957132; protocol="application/pkcs7-signature"; micalg=sha1


--Apple-Mail-3--417957132
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

On Jun 27, 2012, at 09:16, Philipp Hancke wrote:

> I'm pondering on the proof name. The prooftype is using DNSSEC, but
> uses it to extend the 6125 to allow secure delegation.
> I.e. it either explains how to do delegation within a PKI prooftype or
> is a proof PKI-Delegation proof.
>
> DNSSEC alone might (mostly in the context of s2s and server dialback)
> be a different proof (used by the connecting server instead of
> dialback's current faith in insecure DNS).
>

First; Peter and I will be submitting a new DNA (Domain Name
Associations) draft soon, which defines a few terms like "prooftype",
"delegation method", and "assertion mechanism".  The goal is to have it
published before the end of the week, so stay tuned!

I don't think if DNSSEC in and of itself is really a proof; it's not
providing verification material directly.  I do think it is a delegation
method, which then makes dialback keys a worthwhile prooftype!


- m&m

Matt Miller - <mamille2@cisco.com>
Cisco Systems, Inc.


--Apple-Mail-3--417957132--

--Apple-Mail-4--417957128--

From fippo@goodadvice.pages.de  Wed Jun 27 10:29:33 2012
Return-Path: <fippo@goodadvice.pages.de>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3825611E808F for <xmpp@ietfa.amsl.com>; Wed, 27 Jun 2012 10:29:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jgpMsoFrUE+z for <xmpp@ietfa.amsl.com>; Wed, 27 Jun 2012 10:29:32 -0700 (PDT)
Received: from lo.psyced.org (lost.IN.psyced.org [188.40.42.221]) by ietfa.amsl.com (Postfix) with ESMTP id 6581B11E8073 for <xmpp@ietf.org>; Wed, 27 Jun 2012 10:29:32 -0700 (PDT)
Received: from [192.168.2.100] (p54972A74.dip.t-dialin.net [84.151.42.116]) (authenticated bits=0) by lo.psyced.org (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id q5RHTPLN021231 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 27 Jun 2012 19:29:29 +0200
Message-ID: <4FEB42EF.9030701@goodadvice.pages.de>
Date: Wed, 27 Jun 2012 19:29:19 +0200
From: Philipp Hancke <fippo@goodadvice.pages.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: Matt Miller <mamille2@cisco.com>
References: <20120608202212.8859.65155.idtracker@ietfa.amsl.com> <A14A8C98-F762-4C96-9895-50DB6DFEF973@cisco.com> <alpine.DEB.1.10.1206271649070.17671@lo.psyced.org> <4975B6EA-000B-4C23-9D8F-47184E5BC126@cisco.com>
In-Reply-To: <4975B6EA-000B-4C23-9D8F-47184E5BC126@cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-01.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2012 17:29:33 -0000

On 27.06.2012 18:19, Matt Miller wrote:
> On Jun 27, 2012, at 09:16, Philipp Hancke wrote:
>
>> I'm pondering on the proof name. The prooftype is using DNSSEC, but uses it to extend the 6125 to allow secure delegation.
>> I.e. it either explains how to do delegation within a PKI prooftype or is a proof PKI-Delegation proof.
>>
>> DNSSEC alone might (mostly in the context of s2s and server dialback) be a different proof (used by the connecting server instead of dialback's current faith in insecure DNS).
>>
>
> First; Peter and I will be submitting a new DNA (Domain Name Associations) draft soon, which defines a few terms like "prooftype", "delegation method", and "assertion mechanism".  The goal is to have it published before the end of the week, so stay tuned!
>
> I don't think if DNSSEC in and of itself is really a proof; it's not providing verification material directly.  I do think it is a delegation method, which then makes dialback keys a worthwhile prooftype!

I expect dial-back keys (the XEP 0185 stuff) to (gradually) become
obsolete. The cridlandish samecert optimization yields a similar proof
of possession using the shared private X.509 key and has fewer
round-trips. There are a few cases where this does not work, typically
large sites that use multiple certificates, but one might expect them to
deploy DANE.

DNSSEC still helps to ensure that you send stanzas to the right peer.
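
Added example, not part of the message above and not taken from any XMPP
server: a sketch of what a dialback key binds, modelled on the HMAC-SHA256
construction recommended in XEP-0185. The function names, the sample
secret, domains and stream IDs are constructed, and keying the HMAC with
the hex-encoded hash of the secret is an assumption of this sketch.

```python
import hashlib
import hmac


def dialback_key(secret: str, receiving: str, originating: str, stream_id: str) -> str:
    """Derive a dialback key for one stream between one pair of domains.

    Assumption of this sketch: the HMAC key is the hex-encoded SHA-256
    digest of the shared secret, and the message is
    "<receiving> <originating> <stream id>".
    """
    hashed_secret = hashlib.sha256(secret.encode("utf-8")).hexdigest().encode("ascii")
    message = f"{receiving} {originating} {stream_id}".encode("utf-8")
    return hmac.new(hashed_secret, message, hashlib.sha256).hexdigest()


def authoritative_verify(secret: str, receiving: str, originating: str,
                         stream_id: str, presented_key: str) -> bool:
    """Check a key on the originating domain's authoritative server.

    The server keeps no per-stream state: it recomputes the key from the
    values in the verify request and compares in constant time.
    """
    expected = dialback_key(secret, receiving, originating, stream_id)
    return hmac.compare_digest(expected, presented_key)


def demo() -> dict:
    """Show which changes to the request invalidate a key (constructed values)."""
    secret = "constructed-dialback-secret"
    receiving, originating, stream_id = "xmpp.example.com", "example.org", "D60000229F"
    key = dialback_key(secret, receiving, originating, stream_id)
    return {
        # The key verifies for the stream and domain pair it was made for.
        "genuine": authoritative_verify(secret, receiving, originating, stream_id, key),
        # The same key presented on a different stream is rejected.
        "other_stream": authoritative_verify(secret, receiving, originating, "A1B2C3D4E5", key),
        # The same key presented to a different receiving domain is rejected.
        "other_receiver": authoritative_verify(secret, "xmpp.example.net", originating, stream_id, key),
        # A server that does not hold the secret cannot confirm the key.
        "wrong_secret": authoritative_verify("not-the-secret", receiving, originating, stream_id, key),
    }


# The key only shows that whoever answered the verify request knows the
# secret. The receiving server finds that answering host through DNS, so
# the result is only as trustworthy as the DNS lookup behind it.
if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```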

From mamille2@cisco.com  Wed Jun 27 11:44:31 2012
Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EEAB11E808F for <xmpp@ietfa.amsl.com>; Wed, 27 Jun 2012 11:44:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.449
X-Spam-Level: 
X-Spam-Status: No, score=-10.449 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P6HP7pfcBmXh for <xmpp@ietfa.amsl.com>; Wed, 27 Jun 2012 11:44:30 -0700 (PDT)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by ietfa.amsl.com (Postfix) with ESMTP id B6B1611E8086 for <xmpp@ietf.org>; Wed, 27 Jun 2012 11:44:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=mamille2@cisco.com; l=5260; q=dns/txt; s=iport; t=1340822670; x=1342032270; h=from:subject:date:message-id:to:mime-version: content-transfer-encoding; bh=GvTfL0bKknQHFcqh+2OHtt+UGahL4QtI0XzP2YwmRzs=; b=Xf02vVS1OM6eBfpBggLiuqigy4RzIbw2knbMkK1ztHU/A68crntGSTxm tJDNRBz5delhAX0Bl/yNthyRCFr1VMOYGMq585F99B5bXLI/l76h7FG3D IZmHY3mdfL3kbQPbLhdN3W5VVRqUdlwrUPZJtDKdwvbx0f7o/XFrTfHdo 0=;
X-Files: smime.p7s, PGP.sig : 2214, 535
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvwEAEdU60+rRDoG/2dsb2JhbABFti6BB4IxAYFJWxMih2gMlj+BKKBLkGFgA4hKhX2Ga4ESjQuBZoJ+
X-IronPort-AV: E=Sophos;i="4.77,486,1336348800";  d="sig'?p7s'?scan'208";a="50295261"
Received: from mtv-core-1.cisco.com ([171.68.58.6]) by mtv-iport-4.cisco.com with ESMTP; 27 Jun 2012 18:44:19 +0000
Received: from sjc-vpn7-1229.cisco.com (sjc-vpn7-1229.cisco.com [10.21.148.205]) by mtv-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id q5RIiIJb005829 for <xmpp@ietf.org>; Wed, 27 Jun 2012 18:44:18 GMT
From: Matt Miller <mamille2@cisco.com>
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-6--409278448"
Date: Wed, 27 Jun 2012 12:44:17 -0600
Message-Id: <5EADB662-3C59-4EF3-926E-FB738192CCD5@cisco.com>
To: XMPP Working Group <xmpp@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Transfer-Encoding: 7bit
X-Pgp-Agent: GPGMail 1.3.3
X-Mailer: Apple Mail (2.1084)
Subject: [xmpp] Drafts on "Domain Name Associations (DNA)"
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2012 18:44:31 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-6--409278448
Content-Type: multipart/signed; boundary=Apple-Mail-5--409278464; protocol="application/pkcs7-signature"; micalg=sha1


--Apple-Mail-5--409278464
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Peter Saint-Andre and I have submitted three drafts (2 new, 1 updated)
discussing DNA:

* "Domain Name Associations (DNA) in the Extensible Messaging and
Presence Protocol (XMPP)"
< http://tools.ietf.org/html/draft-saintandre-xmpp-dna-00 >

* "Using DNS Security Extensions (DNSSEC) and DNS-based Authentication
of Named Entities (DANE) as a Prooftype for XMPP Domain Name
Associations"
< http://tools.ietf.org/html/draft-miller-xmpp-dnssec-prooftype-02 >

* "Using PKIX over Secure HTTP (POSH) as a Prooftype for XMPP Domain
Name Associations"
< http://tools.ietf.org/html/draft-miller-xmpp-posh-prooftype-00 >

Peter and I opted to split them into separate documents rather than try
to build a single monolithic draft, at least to get started.


Enjoy!

- m&m

Matt Miller - <mamille2@cisco.com>
Cisco Systems, Inc.


--Apple-Mail-5--409278464--

--Apple-Mail-6--409278448--

From stpeter@stpeter.im  Wed Jun 27 12:12:07 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AC7621F86A8 for <xmpp@ietfa.amsl.com>; Wed, 27 Jun 2012 12:12:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.509
X-Spam-Level: 
X-Spam-Status: No, score=-102.509 tagged_above=-999 required=5 tests=[AWL=0.090, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yZbjWFRHrn2y for <xmpp@ietfa.amsl.com>; Wed, 27 Jun 2012 12:12:06 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id C6E2221F8665 for <xmpp@ietf.org>; Wed, 27 Jun 2012 12:12:05 -0700 (PDT)
Received: from [192.168.0.9] (unknown [216.17.179.227]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 56D0D4005A for <xmpp@ietf.org>; Wed, 27 Jun 2012 13:29:52 -0600 (MDT)
Message-ID: <4FEB5AFC.8030606@stpeter.im>
Date: Wed, 27 Jun 2012 13:11:56 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: XMPP Working Group <xmpp@ietf.org>
References: <alpine.LSU.2.00.1206271959200.23668@hermes-2.csi.cam.ac.uk>
In-Reply-To: <alpine.LSU.2.00.1206271959200.23668@hermes-2.csi.cam.ac.uk>
X-Enigmail-Version: 1.4.2
X-Forwarded-Message-Id: <alpine.LSU.2.00.1206271959200.23668@hermes-2.csi.cam.ac.uk>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: [xmpp] Fwd: [dane] draft-fanf-dane-mua-00
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2012 19:12:07 -0000

FYI, a point of comparison for our use of DANE:

https://datatracker.ietf.org/doc/draft-fanf-dane-mua/

https://datatracker.ietf.org/doc/draft-fanf-dane-smtp/

/psa

-------- Original Message --------
Subject: [dane] draft-fanf-dane-mua-00
Date: Wed, 27 Jun 2012 20:09:56 +0100
From: Tony Finch <dot@dotat.at>
To: dane@ietf.org

At long last, I have got what I hope is a plausible spec for using DANE
with IMAP, POP3, and message submission. I think my main struggle was
working out what I did not need to put in the document. The compatibility
bits are particularly tricky. The structure owes a fair amount to Matt
Miller and PSA's XMPP draft, and to RFC 6186.

I have also made a minor revision to my other draft which is now
draft-fanf-dane-smtp-04. This is mainly to flag up points for discussion
in Vancouver.

All questions / comments / suggestions welcome!

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Trafalgar: Variable mainly northwesterly 3 or 4, but easterly 5 to 7 at
first in far southeast. Rough at first in far southeast, otherwise slight
or moderate. Showers, fog patches. Moderate or good, occasionally very poor.

---------- Forwarded message ----------
Date: Wed, 27 Jun 2012 11:58:10 -0700
From: internet-drafts@ietf.org
To: dot@dotat.at
Subject: New Version Notification for draft-fanf-dane-mua-00.txt

A new version of I-D, draft-fanf-dane-mua-00.txt
has been successfully submitted by Tony Finch and posted to the
IETF repository.

Filename:	 draft-fanf-dane-mua
Revision:	 00
Title:		 DNSSEC and TLSA records for IMAP, POP3, and message submission
Creation date:	 2012-06-27
WG ID:		 Individual Submission
Number of pages: 8
URL:
http://www.ietf.org/internet-drafts/draft-fanf-dane-mua-00.txt
Status:          http://datatracker.ietf.org/doc/draft-fanf-dane-mua
Htmlized:        http://tools.ietf.org/html/draft-fanf-dane-mua-00

Abstract:
   This specification describes the effect that DNSSEC has on SRV-based
   autoconfiguration and TLS certificate verification in the mail user
   agent protocols IMAP, POP3, and message submission.  It also
   describes how to use TLSA DNS records to provide stronger
   authentication of server TLS certificates.

The IETF Secretariat
_______________________________________________
dane mailing list
dane@ietf.org
https://www.ietf.org/mailman/listinfo/dane



From fippo@goodadvice.pages.de  Wed Jun 27 08:16:49 2012
Return-Path: <fippo@goodadvice.pages.de>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CAD221F873C for <xmpp@ietfa.amsl.com>; Wed, 27 Jun 2012 08:16:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L4zQRFzdnYfc for <xmpp@ietfa.amsl.com>; Wed, 27 Jun 2012 08:16:48 -0700 (PDT)
Received: from lo.psyced.org (lost.IN.psyced.org [188.40.42.221]) by ietfa.amsl.com (Postfix) with ESMTP id 67D4021F8737 for <xmpp@ietf.org>; Wed, 27 Jun 2012 08:16:47 -0700 (PDT)
Received: from lo.psyced.org (localhost [127.0.0.1]) by lo.psyced.org (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id q5RFGgQa018457 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 27 Jun 2012 17:16:42 +0200
Received: from localhost (fippo@localhost) by lo.psyced.org (8.14.3/8.14.3/Submit) with ESMTP id q5RFGeo2018453; Wed, 27 Jun 2012 17:16:40 +0200
X-Authentication-Warning: lo.psyced.org: fippo owned process doing -bs
Date: Wed, 27 Jun 2012 17:16:40 +0200 (CEST)
From: Philipp Hancke <fippo@goodadvice.pages.de>
X-X-Sender: fippo@lo.psyced.org
To: Matt Miller <mamille2@cisco.com>
In-Reply-To: <A14A8C98-F762-4C96-9895-50DB6DFEF973@cisco.com>
Message-ID: <alpine.DEB.1.10.1206271649070.17671@lo.psyced.org>
References: <20120608202212.8859.65155.idtracker@ietfa.amsl.com> <A14A8C98-F762-4C96-9895-50DB6DFEF973@cisco.com>
User-Agent: Alpine 1.10 (DEB 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Mailman-Approved-At: Thu, 28 Jun 2012 15:04:51 -0700
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] Fwd: I-D Action: draft-miller-xmpp-dnssec-prooftype-01.txt
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jun 2012 15:16:49 -0000

I'm pondering on the proof name. The prooftype is using DNSSEC, but uses
it to extend the 6125 to allow secure delegation.
I.e. it either explains how to do delegation within a PKI prooftype or is
a proof PKI-Delegation proof.

DNSSEC alone might (mostly in the context of s2s and server dialback) be a
different proof (used by the connecting server instead of dialback's
current faith in insecure DNS).

Thoughts?

From ben@nostrum.com  Fri Jun 29 13:05:24 2012
Return-Path: <ben@nostrum.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 099B121F88CE for <xmpp@ietfa.amsl.com>; Fri, 29 Jun 2012 13:05:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level: 
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SPF_PASS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z8EaQsEHUJXF for <xmpp@ietfa.amsl.com>; Fri, 29 Jun 2012 13:05:23 -0700 (PDT)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by ietfa.amsl.com (Postfix) with ESMTP id D576B21F88D4 for <xmpp@ietf.org>; Fri, 29 Jun 2012 13:05:22 -0700 (PDT)
Received: from [10.12.30.47] ([4.30.77.1]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id q5TK5LJ9067179 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 29 Jun 2012 15:05:22 -0500 (CDT) (envelope-from ben@nostrum.com)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <4FEA2284.70105@stpeter.im>
Date: Fri, 29 Jun 2012 15:05:21 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <5A99956B-FC20-4AEE-9D94-AC3A84535491@nostrum.com>
References: <4FEA2284.70105@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
X-Mailer: Apple Mail (2.1278)
Received-SPF: pass (nostrum.com: 4.30.77.1 is authenticated by a trusted mechanism)
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] SIP-XMPP mapping specs
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jun 2012 20:05:24 -0000

(As chair)

Hi,

Elaborating on Peter's comment that this work "might not be in the XMPP
wg", although it is mentioned in the XMPP charter:

We removed the related milestone for SIP-XMPP mapping a while back,
based on the working group's express lack of interest at the time. I
think the only reason the charter language remains is that we simply did
not feel the need for a complete recharter at the time. I do not mean
this to prejudice any future decisions on the matter, but if we decide
to add the milestone(s) back, we would need to treat it as proposed new
work, rather than just restarting an existing, but dormant, work item.

That doesn't mean we can't reuse existing (or expired) drafts--just that
we will need both a work group consensus and AD approval to add the
milestones back.

Thanks!

Ben.

On Jun 26, 2012, at 3:58 PM, Peter Saint-Andre wrote:

> Recently I've received expressions of interest in reviving and
> finalizing the SIP-XMPP mapping specifications. In rough order of
> maturity they are:
>
> http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-core/
> http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-presence/
> http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-im/
> http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-chat/
> http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-groupchat/
> http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-media/
>
> If anyone here would like to provide feedback on these specs, I would
> appreciate hearing about off-list so that I can determine if there's
> energy enough to move them forward somehow (that might not be in the
> XMPP WG, although there's an item on the WG's charter to "define a
> framework within which this work could be completed").
>
> Thanks!
>
> Peter
>
> -- 
> Peter Saint-Andre
> https://stpeter.im/
>
>
>
> _______________________________________________
> xmpp mailing list
> xmpp@ietf.org
> https://www.ietf.org/mailman/listinfo/xmpp


From ben@nostrum.com  Fri Jun 29 13:07:14 2012
Return-Path: <ben@nostrum.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29E0921F88DA for <xmpp@ietfa.amsl.com>; Fri, 29 Jun 2012 13:07:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level: 
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SPF_PASS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FeG5UduH9MvK for <xmpp@ietfa.amsl.com>; Fri, 29 Jun 2012 13:07:13 -0700 (PDT)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by ietfa.amsl.com (Postfix) with ESMTP id 70F0121F88D5 for <xmpp@ietf.org>; Fri, 29 Jun 2012 13:07:13 -0700 (PDT)
Received: from [10.12.30.47] ([4.30.77.1]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id q5TK7C6h067268 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 29 Jun 2012 15:07:12 -0500 (CDT) (envelope-from ben@nostrum.com)
From: Ben Campbell <ben@nostrum.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Fri, 29 Jun 2012 15:07:11 -0500
Message-Id: <DA678B79-50A0-45FF-8D9C-73CF10B77A13@nostrum.com>
To: XMPP Group <xmpp@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
Received-SPF: pass (nostrum.com: 4.30.77.1 is authenticated by a trusted mechanism)
Subject: [xmpp] Agenda for Vancouver
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jun 2012 20:07:14 -0000

Hi Everyone,

We have 1.5 hours scheduled for XMPP at the IETF meeting in Vancouver.
We need to figure out our agenda soon. To that end, please send any
agenda requests to the chairs and work group list as soon as possible.
As usual, chartered work with open discussion items will get first
priority.

I expect we will commit some time to the domain name assertion and the
end-to-end encryption efforts. What else do we need to talk about?

Thanks!

Ben.

From stpeter@stpeter.im  Fri Jun 29 14:51:36 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECDE311E8079 for <xmpp@ietfa.amsl.com>; Fri, 29 Jun 2012 14:51:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.49
X-Spam-Level: 
X-Spam-Status: No, score=-102.49 tagged_above=-999 required=5 tests=[AWL=0.109, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R+69pqbpYfkO for <xmpp@ietfa.amsl.com>; Fri, 29 Jun 2012 14:51:35 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 2917D11E8072 for <xmpp@ietf.org>; Fri, 29 Jun 2012 14:51:35 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 3EA5A4005A; Fri, 29 Jun 2012 16:09:38 -0600 (MDT)
Message-ID: <4FEE2365.1060903@stpeter.im>
Date: Fri, 29 Jun 2012 15:51:33 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Ben Campbell <ben@nostrum.com>
References: <DA678B79-50A0-45FF-8D9C-73CF10B77A13@nostrum.com>
In-Reply-To: <DA678B79-50A0-45FF-8D9C-73CF10B77A13@nostrum.com>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: XMPP Group <xmpp@ietf.org>
Subject: Re: [xmpp] Agenda for Vancouver
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jun 2012 21:51:36 -0000

On 6/29/12 2:07 PM, Ben Campbell wrote:
> Hi Everyone,
> 
> We have 1.5 hours scheduled for XMPP at the IETF meeting in Vancouver. We need to figure out our agenda soon. To that end, please send any agenda requests to the chairs and work group list as soon as possible. As usual, chartered work with open discussion items will get first priority.
> 
> I expect we will commit some time to the domain name assertion and the end-to-end encryption efforts. What else do we need to talk about?

Agreed on domain name associations and encryption.

BTW, right now I do *not* foresee that we will need to talk about
internationalization, because I think most of the work remaining there
is in the PRECIS WG. However, I will check the open issues and minutes
from our meeting at IETF 83 to determine if we might need to update
6122bis and briefly discuss a few issues at IETF 84.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/





From stpeter@stpeter.im  Fri Jun 29 14:57:02 2012
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 750E521F861A for <xmpp@ietfa.amsl.com>; Fri, 29 Jun 2012 14:57:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.492
X-Spam-Level: 
X-Spam-Status: No, score=-102.492 tagged_above=-999 required=5 tests=[AWL=0.107, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pf727rhyqHhn for <xmpp@ietfa.amsl.com>; Fri, 29 Jun 2012 14:57:01 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 7AAD121F8610 for <xmpp@ietf.org>; Fri, 29 Jun 2012 14:57:01 -0700 (PDT)
Received: from [64.101.72.115] (unknown [64.101.72.115]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 758514005A; Fri, 29 Jun 2012 16:15:04 -0600 (MDT)
Message-ID: <4FEE24AC.7070008@stpeter.im>
Date: Fri, 29 Jun 2012 15:57:00 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
MIME-Version: 1.0
To: Ben Campbell <ben@nostrum.com>
References: <4FEA2284.70105@stpeter.im> <5A99956B-FC20-4AEE-9D94-AC3A84535491@nostrum.com>
In-Reply-To: <5A99956B-FC20-4AEE-9D94-AC3A84535491@nostrum.com>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] SIP-XMPP mapping specs
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jun 2012 21:57:02 -0000

My opinion is: let's see if anyone actually sends me direct feedback as
they promised or I requested. I'm using that as a gauge of energy levels. :)

On 6/29/12 2:05 PM, Ben Campbell wrote:
> (As chair)
> 
> Hi,
> 
> Elaborating on Peter's comment that this work "might not be in the XMPP wg", although it is mentioned in the XMPP charter:
> 
> We removed the related milestone for SIP-XMPP mapping a while back, based on the working group's express lack of interest at the time. I think the only reason the charter language remains is that we simply did not feel the need for a complete recharter at the time. I do not mean this to prejudice any future decisions on the matter, but if we decide to add the milestone(s) back, we would need to treat it as proposed new work, rather than just restarting an existing, but dormant, work item.
> 
> That doesn't mean we can't reuse existing (or expired) drafts--just that we will need both a work group consensus and AD approval to add the milestones back. 
> 
> Thanks!
> 
> Ben.
> 
> On Jun 26, 2012, at 3:58 PM, Peter Saint-Andre wrote:
> 
>> Recently I've received expressions of interest in reviving and
>> finalizing the SIP-XMPP mapping specifications. In rough order of
>> maturity they are:
>>
>> http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-core/
>> http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-presence/
>> http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-im/
>> http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-chat/
>> http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-groupchat/
>> http://datatracker.ietf.org/doc/draft-saintandre-sip-xmpp-media/
>>
>> If anyone here would like to provide feedback on these specs, I would
>> appreciate hearing about off-list so that I can determine if there's
>> energy enough to move them forward somehow (that might not be in the
>> XMPP WG, although there's an item on the WG's charter to "define a
>> framework within which this work could be completed").
>>
>> Thanks!
>>
>> Peter
>>
>> -- 
>> Peter Saint-Andre
>> https://stpeter.im/
>>
>>
>>
>> _______________________________________________
>> xmpp mailing list
>> xmpp@ietf.org
>> https://www.ietf.org/mailman/listinfo/xmpp
> 


-- 
Peter Saint-Andre
https://stpeter.im/




