headers
Lance Stout | 18 May 2013 23:49
Gravatar

New version of XMPP over Websocket draft

I've updated the XMPP over WebSocket draft to include:

- Several examples for establishing the WebSocket connection, closing the
    connection, and performing a stream restart.
- Adjust language for pings to note that XEP-0198 provides a keepalive
    pinging mechanism as well.
- Modify language on closing the connection, noting that the XMPP streams
    should be explicitly closed before closing the WebSocket connection.
- Added recommendation to use XEP-0198 stream management.
- Added note that a server should keep the session alive (based on policy)
    if a connection is closed without closing the streams (XEP-0198).
- Added section on using XEP-0156 to discover the WebSocket connection 
    endpoint. I've emailed the XMPP Registrar to register the
    _xmpp-client-websocket connection method name. I've also asked the XMPP
    standards list about creating a .well-known/ document to supplement the
    method defined in XEP-0156 as browser based clients that will use the
    WebSocket transport can't make the necessary DNS calls.

There do remain several issues that have been discussed at the previous
IETF meeting and the XSF summit last February:

- How to handle instructing the client to connect to a different
    endpoint (e.g., some see-other-uri error condition). If we can
    define a new stream error condition here, then that would be 
    preferable.

- SASL EXTERNAL. What qualifies? Would a user session cookie (normally
    sufficient for HTTP requests) be acceptable? If a user session
    cookie is provided and authorized by the server before accepting
    the WebSocket connection, is SASL auth still needed or can a client
(Continue reading)

Permalink | Reply | 1 comment |
headers
hammondjohnson | 27 Apr 2013 19:56
Favicon

Biggest Fake Conference in Computer Science

We are researchers from different parts of the world and conducted a study on  
the world’s biggest bogus computer science conference WORLDCOMP 
( http://sites.google.com/site/worlddump1 ) organized by Prof. Hamid Arabnia 
from University of Georgia, USA.

We submitted a fake paper to WORLDCOMP 2011 and again (the same paper 
with a modified title) to WORLDCOMP 2012. This paper had numerous 
fundamental mistakes. Sample statements from that paper include: 

(1). Binary logic is fuzzy logic and vice versa
(2). Pascal developed fuzzy logic
(3). Object oriented languages do not exhibit any polymorphism or inheritance
(4). TCP and IP are synonyms and are part of OSI model 
(5). Distributed systems deal with only one computer
(6). Laptop is an example for a super computer
(7). Operating system is an example for computer hardware

Also, our paper did not express any conceptual meaning.  However, it 
was accepted both the times without any modifications (and without 
any reviews) and we were invited to submit the final paper and a 
payment of $500+ fee to present the paper. We decided to use the 
fee for better purposes than making Prof. Hamid Arabnia (Chairman 
of WORLDCOMP) rich. After that, we received few reminders from 
WORLDCOMP to pay the fee but we never responded. 

We MUST say that you should look at the above website if you have any thoughts 
to submit a paper to WORLDCOMP.  DBLP and other indexing agencies have stopped 
indexing WORLDCOMP’s proceedings since 2011 due to its fakeness. See 
http://www.informatik.uni-trier.de/~ley/db/conf/icai/index.html for of one of the 
conferences of WORLDCOMP and notice that there is no listing after 2010. See Section 2 of
(Continue reading)

Permalink | Reply | 0 comments |
headers
Peter Saint-Andre | 17 Apr 2013 01:32
Favicon

6122bis: leading and trailing whitespace

Going through old email, I found a note to myself sent during IETF 86
about adding something to 6122bis about leading and trailing whitespace.
This must refer to handling of resourceparts (since the PRECIS
IdentifierClass does not allow spaces), and in fact I thought we had
added something about that long ago but I don't find it in 6122bis.
However, draft-ietf-precis-nickname does contain such text:

   4.  Leading and trailing whitespace (i.e., one or more instances of
       the ASCII space character at the beginning or end of a nickname)
       MUST be removed (e.g., "stpeter " is mapped to "stpeter").

It seems like good advice in general for resourceparts. Does anyone have objections to adding it?

Peter
Permalink | Reply | 0 comments |
headers
Richard Barnes | 12 Apr 2013 22:37

Re: Anonymity and PFR with Miller's E2E proposal (Was: Self Introduction)

Hey Jon,


Sorry for the late reply.  If you're interested in DH for JWK, I would suggest sending a message to the JOSE mailing list.  Other than that, your syntax looks OK to me, although I would just use standard letters, like "p" for "prime" and "g" for "generator".  

Also, as to the IPR on ECC, there's some story about how to do it IPR-free: <http://tools.ietf.org/html/rfc6090>

Best,
--Richard





On Thu, Mar 14, 2013 at 4:52 PM, Jon Kristensen <info <at> jonkri.com> wrote:
On 03/14/2013 06:39 AM, Richard Barnes wrote:
It's even simpler than that: Alice and Bob each generate a JWK representing a DH or ECDH key, the exchange them in an IQ. 


Thank you for pointing me in the right direction!

Please correct me if I'm wrong, but the way I see it is this:

In order to provide authentication and (weak) anonymity, we would have to exchange
  1. unauthenticated Diffie-Hellman key exchange <keyreq /> stanzas, used to negotiate a first shared secret, and
  2. encrypted (with the first shared secret) <keyreq /> stanzas (which wraps the long-lived public keys) to negotiate a second shared secret.
The second shared secret would be the symmetric key used for encrypting the following stanzas. This would protect the long-lived public key from a passive attacker, and provide perfect forward secrecy. Also, any entity could perform additional unauthenticated Diffie-Hellman key exchanges (this time, however, encrypted) to redo the procedure, and add yet another "PFS layer".

As there seems to be some patent-related uncertainty surrounding elliptic curve cryptography[1], I would like to see support for regular Diffie-Hellman keys.

Looking at the IANA JSON Web Key Types registry key types[2], there appear to only be two key types defined: `EC' (Elliptic Curve [DSS] key type) and `RSA' (RFC3447 key type). Could perhaps `DH' be added to this table?

Would `alg' (refer to the the JSON Web Encryption algorithm section[3]) be something like `DH+A128KW'?

All-in-all, would something like the following JWK representation be suitable for the Diffie-Hellman public key exchanges?

{
  "kty": "DH",
  "public-key": "...",
  "prime": "...",
  "generator": "...",
  "use": "enc",
  "alg": "DH+A128KW"
}

[1]: http://en.wikipedia.org/wiki/ECC_patents
[2]: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-08#section-5.1
[3]: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-08#section-4.1

Jon 

_______________________________________________
xmpp mailing list
xmpp <at> ietf.org
https://www.ietf.org/mailman/listinfo/xmpp
Permalink | Reply | 0 comments |
headers
Ben Campbell | 3 Apr 2013 00:36
Favicon

Adoption of draft-saintandre-xmpp-dna as a work group item

Hi,

This is a short consensus call on the adoption of draft-saintandre-xmpp-dna as a working group draft for
our "server-to-server connection reuse" milestone. If we do so, this will replace the existing
draft-ietf-xmpp-dna. (probably by becoming draft-ietf-xmpp-dna-02.)

Please note that this adoption is independent from any potential adoption of
draft-miller-xmpp-posh-prooftype or draft-miller-xmpp-dnssec-prooftype. We are still exploring
where the work from those drafts should land.

Please send yea/nay or other related comments to the XMPP list by the end of this week.

Thanks!

Ben.
Permalink | Reply | 11 comments |
headers
Peter Saint-Andre | 26 Mar 2013 21:36
Favicon

another e2e approach


Of interest regarding end-to-end encryption....

https://silentcircle.com/web/scimp-protocol/

Peter

--

-- 
Peter Saint-Andre
https://stpeter.im/
Permalink | Reply | 3 comments |
headers
Ben Campbell | 22 Mar 2013 21:10
Favicon

Draft Minutes

Hi,

Draft minutes from the XMPP meeting in Orlando are available at
http://www.ietf.org/proceedings/86/minutes/minutes-86-xmpp .

Please send any corrections to the chairs as soon as possible.

Thanks!

Ben.
Permalink | Reply | 2 comments |
headers
Peter Saint-Andre | 29 May 2009 21:43
Favicon

[Fwd: WG Action: Extensible Messaging and Presence Protocol (xmpp)]


FYI. Note the mailing list:

mailto:xmpp <at> ietf.org

https://www.ietf.org/mailman/listinfo/xmpp

I will mothball the old xmppwg <at> xmpp.org list, retaining the archives for
historical purposes.

/psa

-------- Original Message --------
Subject: WG Action: Extensible Messaging and Presence Protocol (xmpp)
Date: Fri, 29 May 2009 12:35:28 -0700 (PDT)
From: IESG Secretary <iesg-secretary <at> ietf.org>
To: IETF Announcement list <ietf-announce <at> ietf.org>
CC: xmpp <at> ietf.org, jhildebr <at> cisco.com

A new IETF working group has been formed in the Real-time Applications and
Infrastructure Area.  For additional information, please contact the Area
Directors or the WG Chairs.

Extensible Messaging and Presence Protocol (xmpp)
-----------------------------------------------------------------

Current Status: Active Working Group

Last Modified: 2009-05-29

Chair(s):

Joe Hildebrand <jhildebr <at> cisco.com>
Sean Turner <turners <at> ieca.com>

Real-time Applications and Infrastructure Area Director(s):

Robert Sparks <rjsparks <at> nostrum.com>
Cullen Jennings <fluffy <at> cisco.com>

Real-time Applications and Infrastructure Area Advisor:

Robert Sparks <rjsparks <at> nostrum.com>

Mailing Lists:

General Discussion: xmpp <at> ietf.org
To Subscribe: https://www.ietf.org/mailman/listinfo/xmpp
Archive: http://www.ietf.org/mail-archive/web/xmpp/

Description of Working Group:

The Extensible Messaging and Presence Protocol (XMPP) is an
technology for the near-real-time exchange of messages and presence
notifications, where data is exchanged over Extensible Markup Language
(XML) streams. The original XMPP working group published RFCs 3920-3923.

Implementation and deployment experience since that time has resulted
in errata, clarifications, and suggestions for improvement to the core
XMPP specifications (RFCs 3920 and 3921). Some technologies on which
XMPP depends (e.g., Transport Layer Security and the Simple
Authentication and Security Layer) have undergone modifications of their
own, which XMPP needs to track. Finally, the group needs to define a
sustainable solution to internationalization of XMPP addresses, since
the approach taken in RFC 3920 (based on stringprep profiles) is limited
to Unicode 3.2 characters. Both draft-saintandre-rfc3920bis-* and
draft-saintandre-rfc3921bis-* reflect community input so
far regarding these modifications, but the group needs to complete this
work, especially with regard to internationalization. Because of the
scope of changes involved, it is envisioned that these specifications
will be cycled at Proposed Standard.

Although RFC 3923 defines an end-to-end signing and encryption
technology for use by XMPP systems, to date it has not been implemented.
A goal of the group is to develop an implementable method for end-to-end
encryption, preferably based on well known and widely deployed security
technologies.

XMPP uses TLS for encryption and the Simple Authentication and Security
Layer (SASL) for authentication. In the case of a server-to-server
stream, XMPP is deployed using TLS and the SASL EXTERNAL mechanism,
where each peer presents an X.509 certificate. This model introduces
scaling challenges in multi-domain deployments because RFC 3920 requires
that a stream cannot be reused for more than one domain, thus
necessitating multiple TCP connections. The group will work to overcome
these challenges by defining an optional mechanism for using a single
connection with multiple identities. It is anticipated that most of the
work will consist of defining and providing requirements to the TLS and
SASL working groups.

Many of the core and extended features of XMPP have also been
implemented in technologies based on the Session Initiation Protocol
(SIP). To ensure interworking between XMPP systems and SIP systems, a
number of Internet-Drafts (draft-saintandre-sip-xmpp-*) have been
produced. The group will define a framework within which this work could
be completed.

In completing its work, the group will strive to retain backwards
compatibility with RFCs 3920 and 3921. However, changes that are not
backwards compatible might be accepted if the group determines that the
changes are required to meet the group's technical objectives and the
group clearly documents the reasons for making them.

Goals and Milestones:

Mar 2010 Decide upon a direction for server-to-server connection reuse.
Aug 2010 Deliver rfc3920bis and rfc3921bis to the IESG.
Dec 2010 Decide upon a direction for end-to-end encryption.
Jan 2011 Define a framework for SIP-XMPP interworking.
Feb 2011 Define a solution for server-to-server connection reuse.
Aug 2011 Define a solution for end-to-end encryption.

_______________________________________________
IETF-Announce mailing list
IETF-Announce <at> ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce
Permalink | Reply | 9 comments |
headers
Peter Saint-Andre | 8 May 2009 20:19
Favicon

[Fwd: I-D Action:draft-hildebrand-xmpp-tls-multiplexing-00.txt]


FYI.

-------- Original Message --------
Subject: I-D Action:draft-hildebrand-xmpp-tls-multiplexing-00.txt
Date: Fri,  8 May 2009 11:15:01 -0700 (PDT)
From: Internet-Drafts <at> ietf.org
Reply-To: internet-drafts <at> ietf.org
To: i-d-announce <at> ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts
directories.

	Title           : Multiplexing of Connections between Extensible
Messaging and Presence Protocol (XMPP) Servers Using Transport Layer
Security (TLS)
	Author(s)       : J. Hildebrand, P. Saint-Andre
	Filename        : draft-hildebrand-xmpp-tls-multiplexing-00.txt
	Pages           : 5
	Date            : 2009-05-08

This document specifies requirements for multiplexing of connections
between Extensible Messaging and Presence Protocol (XMPP) servers
using Transport Layer Security (TLS).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hildebrand-xmpp-tls-multiplexing-00.txt
Permalink | Reply | 0 comments |
headers
Peter Saint-Andre | 1 Apr 2009 14:20
Favicon

[Fwd: [Standards] ACTIVE: XEP-0263 (ECO-XMPP)]

Publication of this radical new specification by the XSF clearly makes
it unnecessary to proceed with formation of an XMPP WG.

/psa

-------- Original Message --------
Subject: [Standards] ACTIVE: XEP-0263 (ECO-XMPP)
Date: Wed, 01 Apr 2009 07:04:12 -0500
From: XMPP Extensions Editor <editor <at> xmpp.org>
Reply-To: XMPP Standards <standards <at> xmpp.org>
To: standards <at> xmpp.org

Version 1.0 of XEP-0263 (ECO-XMPP) has been released.

Abstract: This specification defines best practices and protocol
modifications that will reduce the energy consumption of XMPP systems
and thereby help to save the planet.

URL: http://xmpp.org/extensions/xep-0263.html
Attachment (smime.p7s): application/x-pkcs7-signature, 6751 bytes
Permalink | Reply | 0 comments |
headers
Cullen Jennings | 30 Mar 2009 17:37
Picon
Favicon
Gravatar

New charter please


I want to get a charter I can send to the IESG and IAB to start the  
working group approval process. Can folks on the list make whatever  
changes are needed to the charter and send me a copy when it is close  
to ready. It does not need to be perfect, there were sill be many  
chances to change it.

Roughly what happens from here is:

1) the folks on this list looks at the charter and make changes
2) it goes to AD for review, and more changes - I will circulate with  
apps, security, and rai ADs for, you guessed it, more changes
3) it goes to whole IAB and IESG for more changes
4) it goes to IESG tele-chat for approval to Last Call, and more changes
5) it gets an IETF LC, anyone can comment on changes needed, and, yes,  
more changes
6) it goes to the IESG tele-chat for approval of the working group a  
decisions is made about chairs
7) we have a WG - hopefully the approved WG has something in common  
with the text in step 1 :-)

I would like step 1 to be complete by this Monday April 6.

Thanks, Cullen
Permalink | Reply | 11 comments |

Gmane