internet-drafts | 24 Feb 00:05 2015

I-D Action: draft-ietf-xmpp-posh-04.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Extensible Messaging and Presence Protocol Working Group of the IETF.

        Title           : PKIX over Secure HTTP (POSH)
        Authors         : Matthew Miller
                          Peter Saint-Andre
	Filename        : draft-ietf-xmpp-posh-04.txt
	Pages           : 15
	Date            : 2015-02-23

Abstract:
   Experience has shown that it is extremely difficult to deploy proper
   PKIX certificates for TLS in multi-tenanted environments.  As a
   result, domains hosted in such environments often deploy applications
   using certificates that identify the hosting service, not the hosted
   domain.  Such deployments force end users and peer services to accept
   a certificate with an improper identifier, resulting in obvious
   security implications.  This document defines two methods that make
   it easier to deploy certificates for proper server identity checking
   in non-HTTP application protocols.  While these methods were developed for
   use in the Extensible Messaging and Presence Protocol (XMPP) as a
   Domain Name Association (DNA) prooftype, they might also be usable in
   other non-HTTP application protocols.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-xmpp-posh/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-xmpp-posh-04

Ben Campbell | 21 Feb 01:30 2015

PROTO review of draft-ietf-xmpp-posh

Hi Peter and Matt,

I’m in the process of doing a PROTO writeup for POSH, and have one 
possibly material comment, and a few minor comments. Apologies for not 
turning these up during WGLC, and also if these rehash stuff we’ve 
already closed on. (The chairs should yell at me.)

— Material Comment: IANA Considerations

These seem a bit unusual, since we are registering a “fragment” 
that other protocols will use to register actual URIs.  This does not 
seem to have been contemplated by RFC5785. This also has the side effect of 
establishing rules for certain entries in the well-known URI registry 
over and above those from RFC5785.

Does it make sense to actually register the prefix itself, since it’s 
not really a URI? It would seem reasonable to leave the actual 
registration to protocols that need to register posh URIs.

I see Mark Nottingham is the expert for the well-known URI registry. By 
any chance has anyone run this by him?

Editorial Comments:

— section 3, numbered steps:

Which server is the POSH server? Is that the hosting server, or the web 
server that serves the well-known URI? I can infer the answer, but it 
would be good to be explicit.


Ben Campbell | 20 Feb 22:36 2015

WGLC of draft-ietf-xmpp-dna-09


This is an XMPP Working Group Last Call of draft-ietf-xmpp-dna-09. The 
draft is available at the following URL

https://datatracker.ietf.org/doc/draft-ietf-xmpp-dna/

The WGLC will conclude on March 6, 2015. Please send your comments to 
the authors and the XMPP mailing list.

(Given that the draft deadline for IETF92 is the following Monday, I 
suspect the authors would really appreciate people not waiting till the 
last minute to send feedback.)

Thanks!

Ben.

Peter Saint-Andre - &yet | 13 Feb 18:49 2015

e2e encryption

We're close to finishing all of our deliverables (6122bis, POSH, DNA) 
other than end-to-end encryption ("e2e") - IMHO they can all be sent to 
the IESG by, say, the end of April.

I know we plan to talk about e2e at IETF 92 in Dallas at the end of 
March, but I figured it would be good to start a list thread before then.

To be blunt, we (narrowly the XMPP WG but more widely and importantly 
the XMPP community) have failed to deliver an e2e technology. It's not 
for lack of proposals over the years: PGP, S/MIME, XML encryption, 
SIGMA, e2e TLS, OTR, and JOSE-based signing and encryption have all 
flitted across the stage.

To also be blunt, I don't think we have the right people in the room 
here to make significant progress on e2e. I don't think the XSF has had 
the right people in the room, either. I am of the opinion that, in order 
to move forward, someone - probably the XSF - needs to get all the 
relevant client and library developers working together. By which I mean 
writing code, experimenting with alternative approaches, meeting in 
person for interop testing, hashing out spec details, etc. That will 
require funding (which the XSF might be able to raise and provide), 
dedicated energy among developers, and a real attempt to push forward 
together as a community.

This isn't the place to make an organizing proposal for such an 
initiative. Although it is possible that the IETF or the XMPP WG could 
work in concert with the XSF or the XMPP developer community on such an 
initiative, that has its own challenges. In any case, I don't think the 
IETF can really find rough consensus until we have the relevant 
developers engaged to write some running code.

internet-drafts | 26 Jan 16:20 2015

I-D Action: draft-ietf-xmpp-posh-03.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Extensible Messaging and Presence Protocol Working Group of the IETF.

        Title           : PKIX over Secure HTTP (POSH)
        Authors         : Matthew Miller
                          Peter Saint-Andre
	Filename        : draft-ietf-xmpp-posh-03.txt
	Pages           : 15
	Date            : 2015-01-26

Abstract:
   Experience has shown that it is extremely difficult to deploy proper
   PKIX certificates for TLS in multi-tenanted environments.  As a
   result, domains hosted in such environments often deploy applications
   using certificates that identify the hosting service, not the hosted
   domain.  Such deployments force end users and peer services to accept
   a certificate with an improper identifier, resulting in obvious
   security implications.  This document defines two methods that make
   it easier to deploy certificates for proper server identity checking
   in non-HTTP application protocols.  While these methods were developed for
   use in the Extensible Messaging and Presence Protocol (XMPP) as a
   Domain Name Association (DNA) prooftype, they might also be usable in
   other non-HTTP application protocols.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-xmpp-posh/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-xmpp-posh-03

RFC Errata System | 10 Jan 20:31 2015

[Technical Errata Reported] RFC6120 (4228)

The following errata report has been submitted for RFC6120,
"Extensible Messaging and Presence Protocol (XMPP): Core".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=6120&eid=4228

--------------------------------------
Type: Technical
Reported by: Georg Sauthoff <mail <at> georg.so>

Section: A.6.

Original Text
-------------
     <xs:element name='subject'>
       <xs:complexType>
         <xs:simpleContent>
           <xs:extension base='xs:string'>
             <xs:attribute ref='xml:lang' use='optional'/>
           </xs:extension>
         </xs:simpleContent>
       </xs:complexType>
     </xs:element>

     <xs:element name='thread'>
       <xs:complexType>
         <xs:simpleContent>
           <xs:extension base='xs:NMTOKEN'>
             <xs:attribute name='parent'

mact-usa | 27 Nov 21:44 2014

IoT XEPs to enter review by ISO

To xmpp members,

IoT XEPs used in ISO/IEC/IEEE P21451-1-4 to enter formal review as an international Semantic Web 3.0 standard for the Internet of Things (IoT)


internet-drafts | 27 Nov 04:00 2014

I-D Action: draft-ietf-xmpp-6122bis-17.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Extensible Messaging and Presence Protocol Working Group of the IETF.

        Title           : Extensible Messaging and Presence Protocol (XMPP): Address Format
        Author          : Peter Saint-Andre
	Filename        : draft-ietf-xmpp-6122bis-17.txt
	Pages           : 26
	Date            : 2014-11-26

Abstract:
   This document defines the address format for the Extensible Messaging
   and Presence Protocol (XMPP), including support for code points
   outside the ASCII range.  This document obsoletes RFC 6122.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-xmpp-6122bis/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-xmpp-6122bis-17

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-xmpp-6122bis-17

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Peter Saint-Andre - &yet | 12 Nov 04:34 2014

Fwd: New Version Notification for draft-ietf-uta-xmpp-03.txt

FYI.

-------- Original Message --------
Subject: New Version Notification for draft-ietf-uta-xmpp-03.txt
Date: Tue, 11 Nov 2014 19:33:53 -0800
From: internet-drafts <at> ietf.org
To: Peter Saint-Andre <peter <at> andyet.com>, Peter Saint-Andre 
<peter <at> andyet.com>, me <at> thijsalkema.de <me <at> thijsalkema.de>, Thijs 
Alkemade <me <at> thijsalkema.de>

A new version of I-D, draft-ietf-uta-xmpp-03.txt
has been successfully submitted by Peter Saint-Andre and posted to the
IETF repository.

Name:		draft-ietf-uta-xmpp
Revision:	03
Title:		Use of Transport Layer Security (TLS) in the Extensible 
Messaging and Presence Protocol (XMPP)
Document date:	2014-11-11
Group:		uta
Pages:		7
URL:            http://www.ietf.org/internet-drafts/draft-ietf-uta-xmpp-03.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-uta-xmpp/
Htmlized:       http://tools.ietf.org/html/draft-ietf-uta-xmpp-03
Diff:           http://www.ietf.org/rfcdiff?url2=draft-ietf-uta-xmpp-03

Abstract:
    This document provides recommendations for the use of Transport Layer
    Security (TLS) in the Extensible Messaging and Presence Protocol
    (XMPP).  This document updates RFC 6120.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

internet-drafts | 24 Oct 03:48 2014

I-D Action: draft-ietf-xmpp-6122bis-15.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Extensible Messaging and Presence Protocol Working Group of the IETF.

        Title           : Extensible Messaging and Presence Protocol (XMPP): Address Format
        Author          : Peter Saint-Andre
	Filename        : draft-ietf-xmpp-6122bis-15.txt
	Pages           : 28
	Date            : 2014-10-23

Abstract:
   This document defines the address format for the Extensible Messaging
   and Presence Protocol (XMPP), including support for code points
   outside the ASCII range.  This document obsoletes RFC 6122.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-xmpp-6122bis/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-xmpp-6122bis-15

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-xmpp-6122bis-15

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

internet-drafts | 24 Oct 03:27 2014

I-D Action: draft-ietf-xmpp-dna-08.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Extensible Messaging and Presence Protocol Working Group of the IETF.

        Title           : Domain Name Associations (DNA) in the Extensible Messaging and Presence Protocol (XMPP)
        Authors         : Peter Saint-Andre
                          Matthew Miller
	Filename        : draft-ietf-xmpp-dna-08.txt
	Pages           : 18
	Date            : 2014-10-23

Abstract:
   This document improves the security of the Extensible Messaging and
   Presence Protocol (XMPP) in two ways.  First, it specifies how to
   establish a strong association between a domain name and an XML
   stream, using the concept of "prooftypes".  Second, it describes how
   to securely delegate a service domain name (e.g., example.com) to a
   target server host name (e.g., hosting.example.net), which is
   especially important in multi-tenanted environments where the same
   target server hosts a large number of services associated with
   different domains.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-xmpp-dna/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-xmpp-dna-08

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-xmpp-dna-08

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
