Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)
draft-ietf-uta-xmpp-07
Document history
Date | Rev. | By | Action |
---|---|---|---|
2015-06-11 | 07 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2015-06-05 | 07 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2015-05-26 | 07 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2015-04-27 | 07 | Cindy Morgan | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2015-04-27 | 07 | (System) | RFC Editor state changed to EDIT |
2015-04-27 | 07 | (System) | Announcement was received by RFC Editor |
2015-04-27 | 07 | (System) | IANA Action state changed to No IC |
2015-04-27 | 07 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::Point Raised - writeup needed |
2015-04-27 | 07 | Amy Vezza | IESG has approved the document |
2015-04-27 | 07 | Amy Vezza | Closed "Approve" ballot |
2015-04-27 | 07 | Amy Vezza | Ballot approval text was generated |
2015-04-27 | 07 | Amy Vezza | Ballot writeup was changed |
2015-04-23 | 07 | Peter Saint-Andre | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2015-04-23 | 07 | Peter Saint-Andre | New version available: draft-ietf-uta-xmpp-07.txt |
2015-04-23 | 06 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation |
2015-04-22 | 06 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2015-04-22 | 06 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2015-04-22 | 06 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2015-04-21 | 06 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2015-04-21 | 06 | Ben Campbell | [Ballot Position Update] Position for Ben Campbell has been changed to Yes from No Record |
2015-04-21 | 06 | Ben Campbell | [Ballot comment] 3.4, paragraph 3: Would you offer different guidance about the multi-tenant problem if POSH and DNA were finished? I don't suggest delaying for that, even though they are both post-WGLC. But I wonder if there is something here we need to clean up after POSH and DNA are published? Paragraph 4: By "unauthenticated connections", I assume it means "unauthenticated TLS [or encrypted] connections". Is this correct? |
2015-04-21 | 06 | Ben Campbell | Ballot comment text updated for Ben Campbell |
2015-04-21 | 06 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2015-04-21 | 06 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2015-04-20 | 06 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2015-04-20 | 06 | Barry Leiba | [Ballot Position Update] Position for Barry Leiba has been changed to Yes from Discuss |
2015-04-20 | 06 | Barry Leiba | [Ballot discuss] I forgot to put this in on my first ballot: You have a downref to RFC 4949, and it wasn't called out … |
2015-04-20 | 06 | Barry Leiba | [Ballot Position Update] Position for Barry Leiba has been changed to Discuss from Yes |
2015-04-20 | 06 | Barry Leiba | [Ballot comment] -- Section 3.4 -- Wherever possible, it is best to prefer authenticated connections (along with SASL [RFC4422]), as already stated in the core XMPP specification [RFC6120]. In particular, clients MUST authenticate servers and servers MUST authenticate clients. How does "prefer" "whenever possible" match up with "MUST" and "MUST"? Ah, I see; in the next paragraph, we have server-to-server authentication, which isn't a MUST. Got it. So, purely optional if you agree with me, but I'd find it less confusing like this: NEW Wherever possible, it is best to prefer authenticated connections (along with SASL [RFC4422]), as already stated in the core XMPP specification [RFC6120]. In particular: * Clients MUST authenticate servers. * Servers MUST authenticate clients. * Servers SHOULD authenticate other servers. This document does not mandate that servers need to authenticate peer servers, although such authentication is strongly preferred. Unfortunately, [...etc...] END -- Section 3.6 -- I understand that, while most users won't understand it, there's value in trying to communicate to an end user that she is using a secure connection. I am very skeptical that there's the slightest bit of value in giving end users information about the version of TLS used, the mechanism for verification, the details of the certs (if any), or the details of the cipher suite. I'm certainly skeptical that making that available to end users should rise to the level of "strongly encouraged". I'm not going to block anything with regard to this, but I see this as something you might strongly encourage be available to an administrator, but not to an end user (other than, perhaps, by enabling detailed logging through an advanced setting, then inspecting the logs). |
2015-04-20 | 06 | Barry Leiba | [Ballot Position Update] New position, Yes, has been recorded for Barry Leiba |
2015-04-20 | 06 | Spencer Dawkins | [Ballot comment] This is important work. Thank you for doing it. I have a couple of points where I wasn't clear on the text, but they're nits. I'm not quite sure what this text: 3.3. Session Resumption In XMPP, TLS session resumption can be used in concert with the XMPP Stream Management extension; see [XEP-0198] for further details. means in a major section called "Recommendations". Good idea? Bad idea? Doesn't matter? It depends? I could read "can be used" as saying "it's physically possible", or "it's OK", so I thought I should ask. I'm fine with you not saying anything normative, but it seems like a thumbs up/down/sideways would be helpful, at a minimum. In this text: 5. Security Considerations The use of TLS can help limit the information available for correlation to the network and transport layer headers as opposed to the application layer. I'm guessing what "as opposed to" means. Is this saying The use of TLS can help limit the information available for correlation between the network and transport layer headers and the application layer. or something else? |
2015-04-20 | 06 | Spencer Dawkins | [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins |
2015-04-20 | 06 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
2015-04-17 | 06 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2015-04-16 | 06 | Jean Mahoney | Request for Telechat review by GENART is assigned to Roni Even |
2015-04-15 | 06 | (System) | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2015-04-14 | 06 | Stephen Farrell | IESG state changed to IESG Evaluation from IESG Evaluation::AD Followup |
2015-04-14 | 06 | Stephen Farrell | Changed consensus to Yes from Unknown |
2015-04-14 | 06 | Stephen Farrell | Placed on agenda for telechat - 2015-04-23 |
2015-04-14 | 06 | Stephen Farrell | IESG state changed to IESG Evaluation::AD Followup from Waiting for Writeup::AD Followup |
2015-04-14 | 06 | Stephen Farrell | Ballot has been issued |
2015-04-14 | 06 | Stephen Farrell | [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell |
2015-04-14 | 06 | Stephen Farrell | Created "Approve" ballot |
2015-04-14 | 06 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2015-04-14 | 06 | Peter Saint-Andre | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2015-04-14 | 06 | Peter Saint-Andre | New version available: draft-ietf-uta-xmpp-06.txt |
2015-04-14 | 05 | Stephen Farrell | IESG state changed to Waiting for Writeup::Revised I-D Needed from Waiting for Writeup |
2015-04-14 | 05 | Stephen Farrell | Ballot writeup was changed |
2015-04-13 | 05 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2015-04-09 | 05 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Jürgen Schönwälder. |
2015-04-09 | 05 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Hannes Tschofenig. |
2015-04-08 | 05 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2015-04-08 | 05 | Pearl Liang | IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-uta-xmpp-05, which is currently in Last Call, and has the following comments: We understand that, upon approval of this document, there are no IANA Actions that need completion. While it is helpful for the IANA Considerations section of the document to remain in place upon publication, if the authors prefer to remove it, IANA doesn't object. If this assessment is not accurate, please respond as soon as possible. |
2015-04-05 | 05 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Jürgen Schönwälder |
2015-04-03 | 05 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Hannes Tschofenig |
2015-04-03 | 05 | Tero Kivinen | Closed request for Last Call review by SECDIR with state 'Withdrawn' |
2015-04-02 | 05 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Yaron Sheffer |
2015-03-30 | 05 | Jean Mahoney | Request for Last Call review by GENART is assigned to Roni Even |
2015-03-30 | 05 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2015-03-30 | 05 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)) to Proposed Standard The IESG has received a request from the Using TLS in Applications WG (uta) to consider the following document: - 'Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-04-13. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document provides recommendations for the use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP). This document updates RFC 6120. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-uta-xmpp/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-uta-xmpp/ballot/ No IPR declarations have been submitted directly on this I-D. ID nits says some references are out of date, we'll fix that as we go. |
2015-03-30 | 05 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2015-03-30 | 05 | Amy Vezza | Last call announcement was changed |
2015-03-28 | 05 | Stephen Farrell | Last call was requested |
2015-03-28 | 05 | Stephen Farrell | Ballot approval text was generated |
2015-03-28 | 05 | Stephen Farrell | Ballot writeup was generated |
2015-03-28 | 05 | Stephen Farrell | IESG state changed to Last Call Requested from Publication Requested |
2015-03-28 | 05 | Stephen Farrell | Last call announcement was changed |
2015-03-28 | 05 | Stephen Farrell | Last call announcement was generated |
2015-03-23 | 05 | Pete Resnick | Shepherding AD changed to Stephen Farrell |
2015-03-11 | 05 | Amy Vezza | Notification list changed to uta-chairs@ietf.org, draft-ietf-uta-xmpp.ad@ietf.org, uta@ietf.org, draft-ietf-uta-xmpp@ietf.org, draft-ietf-uta-xmpp.shepherd@ietf.org, leifj@sunet.se from "Leif Johansson" <leifj@sunet.se> |
2015-03-11 | 05 | Leif Johansson | Summary ======= Shepherd: Leif Johansson Responsible AD: Pete Resnick This document provides recommendations for the use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP). This document updates RFC 6120. The document is intended for standards track. Review and Consensus ==================== The document extends the UTA TLS BCP to cover XMPP specifics and as such is comparatively less controversial but has still seen enough review to determine consensus. The document has been last-called in both the XMPP and UTA WGs. The review has been mostly done by a small circle of interested individuals. Please consider a review by the XMPP directorate. Intellectual Property ===================== No issues Other Issues ============ There are a bunch of outdated references in the nits but those are easy to deal with before publication. There is one normative reference to an informative RFC (RFC4949). Both of these issues can be handled in the IESG queue. |
2015-03-11 | 05 | Leif Johansson | Summary ======= Shepherd: Leif Johansson Responsible AD: Pete Resnick This document provides recommendations for the use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP). This document updates RFC 6120. The document is intended for standards track. Review and Consensus ==================== The document extends the UTA TLS BCP to cover XMPP specifics and as such is comparatively less controversial but has still seen enough review to determine consensus. The document has been last-called in both the XMPP and UTA WGs. The review has been mostly done by a small circle of interested individuals. Please consider a review by the XMPP directorate. Intellectual Property ===================== No issues Other Issues ============ There are a bunch of outdated references in the nits but those are easy to deal with before publication. There is one normative reference to an informative RFC (RFC4949). Both of these issues can be handled in the IESG queue. |
2015-03-11 | 05 | Leif Johansson | Responsible AD changed to Pete Resnick |
2015-03-11 | 05 | Leif Johansson | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2015-03-11 | 05 | Leif Johansson | IESG state changed to Publication Requested |
2015-03-11 | 05 | Leif Johansson | IESG process started in state Publication Requested |
2015-03-08 | 05 | Leif Johansson | Intended Status changed to Proposed Standard from None |
2015-03-08 | 05 | Leif Johansson | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2015-01-26 | 05 | Leif Johansson | IETF WG state changed to In WG Last Call from WG Document |
2015-01-26 | 05 | Leif Johansson | Notification list changed to "Leif Johansson" <leifj@sunet.se> |
2015-01-26 | 05 | Leif Johansson | Document shepherd changed to Leif Johansson |
2015-01-23 | 05 | Peter Saint-Andre | New version available: draft-ietf-uta-xmpp-05.txt |
2014-11-26 | 04 | Peter Saint-Andre | New version available: draft-ietf-uta-xmpp-04.txt |
2014-11-11 | 03 | Peter Saint-Andre | New version available: draft-ietf-uta-xmpp-03.txt |
2014-09-22 | 02 | Peter Saint-Andre | New version available: draft-ietf-uta-xmpp-02.txt |
2014-09-11 | 01 | Peter Saint-Andre | New version available: draft-ietf-uta-xmpp-01.txt |
2014-03-27 | 00 | Peter Saint-Andre | New version available: draft-ietf-uta-xmpp-00.txt |