PKIX over Secure HTTP (POSH)
draft-ietf-xmpp-posh-06
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2015-11-17
|
06 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2015-11-13
|
06 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2015-10-26
|
06 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2015-10-14
|
06 | (System) | Notify list changed from draft-ietf-xmpp-posh.shepherd@ietf.org, xmpp-chairs@ietf.org, dave@cridland.net, draft-ietf-xmpp-posh.ad@ietf.org, draft-ietf-xmpp-posh@ietf.org to (None) |
2015-09-21
|
06 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2015-09-21
|
06 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2015-09-21
|
06 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2015-09-20
|
06 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2015-09-18
|
06 | (System) | IANA Action state changed to In Progress from On Hold |
2015-09-10
|
06 | (System) | IANA Action state changed to On Hold from In Progress |
2015-09-10
|
06 | (System) | IANA Action state changed to In Progress |
2015-09-10
|
06 | (System) | RFC Editor state changed to EDIT |
2015-09-10
|
06 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2015-09-10
|
06 | (System) | Announcement was received by RFC Editor |
2015-09-09
|
06 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::Point Raised - writeup needed |
2015-09-09
|
06 | Cindy Morgan | IESG has approved the document |
2015-09-09
|
06 | Cindy Morgan | Closed "Approve" ballot |
2015-09-09
|
06 | Cindy Morgan | Ballot writeup was changed |
2015-09-09
|
06 | Ben Campbell | Ballot approval text was generated |
2015-09-09
|
06 | Matthew Miller | New version available: draft-ietf-xmpp-posh-06.txt |
2015-09-01
|
05 | Matthew Miller | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2015-09-01
|
05 | Matthew Miller | New version available: draft-ietf-xmpp-posh-05.txt |
2015-08-13
|
04 | Gunter Van de Velde | Closed request for Last Call review by OPSDIR with state 'No Response' |
2015-08-13
|
04 | Tero Kivinen | Closed request for Last Call review by SECDIR with state 'No Response' |
2015-08-06
|
04 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation |
2015-08-06
|
04 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2015-08-05
|
04 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2015-08-05
|
04 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2015-08-05
|
04 | Cindy Morgan | Changed consensus to Yes from Unknown |
2015-08-05
|
04 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2015-08-05
|
04 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2015-08-05
|
04 | Stephen Farrell | [Ballot comment] 3.1: fingerprints: sigh, I wish we could agree to just do this kind of thing a few times and not re-do it over … [Ballot comment] 3.1: fingerprints: sigh, I wish we could agree to just do this kind of thing a few times and not re-do it over and over and over (but we always do;-). RFC6920 could probably have been used there (caveat lector: that's an RFC I'm a co-author on). 3.1: fingerprints - your hash input here is the entire cert so the value will be out of date when a cert expires (or is revoked). While 3.3 makes clear that a match on any of these is ok, I think it'd be good to say here that the hashes may be of different certs. You do clarify in section 7, but I'd suggest moving section 7 into 3.1 myself. (I don't object if you prefer to not change though.) 3.2: A "MUST use HTTPS" statement might have been nice there. It's not absolutely needed but would maybe be something to help an implementer not get this wrong by just using some generic URL handling library without a check for scheme==https. section 6: surely the cache expiry ought be the earliest of the possibly two POST expires or the X.509 notAfter? section 8: see my comments on draft-dna, I think the .well-known URIs should be here and not there. But it works as-is too, even if ickky:-) section 8: I dislike the "{servicedesc}" thing, but that's just me. Breaking down servicedesc further into "{service}.{proto}" is worse though, I don't get why that's a good idea at all, nor the "_" convention. If you want/need all that you should've just registered "posh" as a well-known and then said the the rest of the pathname was whatever structure you needed and not possibly end up registering loads of DNA .well-known URLs. section 9: section 8 is IMO an IANA section, so you're fibbing here:-) - 11.2: odd one this but [HASH-NAMES] might be better in 11.1. I won't try force you to do that though as it may be messy. |
2015-08-05
|
04 | Stephen Farrell | [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell |
2015-08-04
|
04 | Kathleen Moriarty | [Ballot comment] Nice work on this draft! I do have a few comments that I'd like to chat about. In the examples, could you switch … [Ballot comment] Nice work on this draft! I do have a few comments that I'd like to chat about. In the examples, could you switch them to have sha-256 as the low mark instead of sha-1? sha-1 is only a problem if you need collision resistance, but since it's just used in examples, it might be easier to just get rid of it. In the first paragraph of the Security Considerations section, could you add a reference to RFC7525 as well? Otherwise, it looks great. It should fit in nicely after the RFC2818 reference. Thanks. |
2015-08-04
|
04 | Kathleen Moriarty | [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty |
2015-08-03
|
04 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2015-08-03
|
04 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2015-08-03
|
04 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2015-07-29
|
04 | Barry Leiba | [Ballot comment] No objection, in that I'm not going to block on these points, but I do ask for some discussion, please; see below. General: … [Ballot comment] No objection, in that I'm not going to block on these points, but I do ask for some discussion, please; see below. General: You're inconsistent in your use of "URI" and "URL", using the former in Sections 3 and 8, the latter in Sections 1, 3.2, and 10 -- and, of course, calling the member "url", rather than "uri". I'd prefer that you use "URI", but you should, in any case, be consistent. -- Section 3 -- When POSH is used, the first two aspects remain the same: the POSH server proves it identity by presenting a PKIX certificate [RFC5280] Typo: It proves "its" identity, not "it". * If it does not have any PKIX certificate information or a reference to such information for the requested path, it responds with an HTTP client error status code (e.g., 404). Do you really want to leave the status code unspecified ("e.g."), rather than just saying that the code to use is 404? -- Section 3.1 -- o A "fingerprints" field whose value is a JSON array of fingerprint descriptors. Here and elsewhere: the JSON term is "member", not "field" (for members of an object; arrays have "elements"). Please check the content-length in the example; I don't think it's correct (I get 176, assuming CRLF-termination, and 135 even if I get rid of all the pretty-print). Similarly for the example in Section 3.2. If you're using the pretty-print, the content-length should reflect it. If no "expires" field is included or its value is equal to 0, a POSH client SHOULD consider these verification materials invalid. But above you say that having "expires" is a "MUST". Why is this "SHOULD" and not "MUST", and why is 0 not just outright invalid (previous sentence, change "non-negative" to "positive")? (And similarly for Section 3.2.) -- Section 3.2 -- The example shows using the same sort of .well-known URI, but I presume there's no requirement that this referral be to one of those (if there is, the doc should say so). It might be worth making it clear, with something like this (or adjust it if my previous presumption is wrong): OLD o A "url" field whose value is a JSON string specifying the HTTPS URL where POSH clients can obtain the actual certificate information. NEW o A "url" field whose value is a JSON string specifying the HTTPS URL where POSH clients can obtain the actual certificate information. The URL can be a similar .well-known POSH URL, but it need not be. END -- Section 8 -- I'm not terribly happy with the mechanism of having a faux hierarchy in the .well-known name (posh.servicename.json), not registering any .well-known name here, and asking the .well-known registry (via the designated expert) to register and evaluate each POSH service -- the .well-known DE is not an expert for POSH. Also if, using your example, Victoria Beckham should want to have a .well-known URI to access her tweets from anywhere, returning them in JSON wrappers, she might want to register "posh.spice.json", which would then get in the way of that name for POSH, entirely unintentionally. I'd be much happier with using a real URI hierarchy and registering "posh" as a .well-known name here, so a POSH URI might be this: https://hosting.example.net/.well-known/posh/spice/json or this (I prefer the former, but don't really care): https://hosting.example.net/.well-known/posh/spice.json ...and you might establish an FCFS registry of POSH service names under which "spice" (or "spice.json") would be registered. Now you're putting it all under one .well-known name, and only asking the .well-known expert to review this one, rather than one for every POSH service. Hable conmigo... |
2015-07-29
|
04 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2015-07-10
|
04 | Ben Campbell | Placed on agenda for telechat - 2015-08-06 |
2015-07-10
|
04 | Ben Campbell | IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead |
2015-07-10
|
04 | Ben Campbell | Ballot has been issued |
2015-07-10
|
04 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
2015-07-10
|
04 | Ben Campbell | Created "Approve" ballot |
2015-07-08
|
04 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2015-07-08
|
04 | Pearl Liang | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-xmpp-posh-04, which is currently in Last Call, and has the following comments: We understand that, upon … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-xmpp-posh-04, which is currently in Last Call, and has the following comments: We understand that, upon approval of this document, there are no IANA Actions that need completion. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, IANA does not object. If this assessment is not accurate, please respond as soon as possible. |
2015-07-08
|
04 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
2015-06-30
|
04 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Lionel Morand |
2015-06-30
|
04 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Lionel Morand |
2015-06-25
|
04 | Jean Mahoney | Request for Last Call review by GENART is assigned to Joel Halpern |
2015-06-25
|
04 | Jean Mahoney | Request for Last Call review by GENART is assigned to Joel Halpern |
2015-06-25
|
04 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to John Bradley |
2015-06-25
|
04 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to John Bradley |
2015-06-24
|
04 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2015-06-24
|
04 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (PKIX over Secure HTTP (POSH)) … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (PKIX over Secure HTTP (POSH)) to Proposed Standard The IESG has received a request from the Extensible Messaging and Presence Protocol WG (xmpp) to consider the following document: - 'PKIX over Secure HTTP (POSH)' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-07-08. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract Experience has shown that it is extremely difficult to deploy proper PKIX certificates for TLS in multi-tenanted environments. As a result, domains hosted in such environments often deploy applications using certificates that identify the hosting service, not the hosted domain. Such deployments force end users and peer services to accept a certificate with an improper identifier, resulting in obvious security implications. This document defines two methods that make it easier to deploy certificates for proper server identity checking in non-HTTP application protocols. While these methods developed for use in the Extensible Messaging and Presence Protocol (XMPP) as a Domain Name Association (DNA) prooftype, they might also be usable in other non-HTTP application protocols. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-xmpp-posh/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-xmpp-posh/ballot/ No IPR declarations have been submitted directly on this I-D. |
2015-06-24
|
04 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2015-06-24
|
04 | Ben Campbell | Last call was requested |
2015-06-24
|
04 | Ben Campbell | IESG state changed to Last Call Requested from AD Evaluation |
2015-06-24
|
04 | Ben Campbell | Ballot writeup was changed |
2015-06-24
|
04 | Ben Campbell | Ballot writeup was generated |
2015-06-24
|
04 | Ben Campbell | Ballot approval text was generated |
2015-06-24
|
04 | Ben Campbell | This is my AD Evaluation of draft-ietf-xmpp-posh-04. There's nothing here to block last call. -- section 3, first paragraph after first numbered list: " ... … This is my AD Evaluation of draft-ietf-xmpp-posh-04. There's nothing here to block last call. -- section 3, first paragraph after first numbered list: " ... server proves it identity ..." s/it/its -- 8, last sentence With this one sentence, you've made the entire introduction serve as a shaggy dog story, without detracting from its main purpose. Bravo. Also, groan :-) -- References: IDNits turns up several outdated references that probably need attention before final publication. |
2015-06-24
|
04 | Ben Campbell | Last call announcement was generated |
2015-06-24
|
04 | Ben Campbell | Last call announcement was generated |
2015-06-24
|
04 | Ben Campbell | IESG state changed to AD Evaluation from Publication Requested |
2015-06-20
|
04 | Joe Hildebrand | PROTO Shepherd Writeup for draft-ietf-xmpp-posh Shepherd writeup for draft-ietf-xmpp-posh-04 1. Summary The document shepherd is Dave Cridland. The responsible Area Director is Ben Campbell. This … PROTO Shepherd Writeup for draft-ietf-xmpp-posh Shepherd writeup for draft-ietf-xmpp-posh-04 1. Summary The document shepherd is Dave Cridland. The responsible Area Director is Ben Campbell. This document defines the "PKIX over Secure HTTP (POSH)" prooftype, to be used as part of the XMPP Domain Name Assertion (DNA) framework. From the abstract: "Experience has shown that it is extremely difficult to deploy proper PKIX certificates for TLS in multi-tenanted environments. As a result, domains hosted in such environments often deploy applications using certificates that identify the hosting service, not the hosted domain. Such deployments force end users and peer services to accept a certificate with an improper identifier, resulting in obvious security implications. This document defines two methods that make it easier to deploy certificates for proper server identity checking in non-HTTP application protocols. While these methods developed for use in the Extensible Messaging and Presence Protocol (XMPP) as a Domain Name Association (DNA) prooftype, they might also be usable in other non-HTTP application protocols." The XMPP working group believes that this technology is ready for wider implementation, and would benefit from interoperability testing. Therefore we request the document to be published as a "Proposed Standard". 2. Review and Consensus The XMPP working group is chartered to provide a solution to allow a hosting service to share an XMPP server among multiple hosted domains. That effort produced the Domain Name Assertion (DNA) framework, which is still a work-in-progress at the time of this writing. POSH was originally proposed in 2012 as a prooftype for the DNA framework. During discussion in XMPP, it became apparent that POSH might have more general applicability. There was a POSH BoF in the Security area at IETF 87. While there was recognition that POSH could be generally useful, there was no consensus to expand the effort beyond the needs of XMPP. Therefore POSH was adopted as an XMPP work item, with the idea that we would make it as general as we reasonable could without bogging down the work, but that we would not attempt to meet the specific requirements for applications other than XMPP. The chairs believe POSH has reached a broad consensus in XMPP. There has been considerable review in XMPP, and in the Security area due to the BoF. POSH does not need targeted reviews beyond the usual Gen-ART, SecDir, etc reviews. Reviews have concentrated primarily on clarifying the specification rather than altering how it works. Some members of the working group (including an author) have expressed the opinion that this is a stopgap technology rather than a long-term plan. At the time of this writing, the shepherd is aware of two experimental implementations which have not been deployed - however various implementors of XMPP have expressed some interest, and some are in progress. 3. Intellectual Property There are no IPR disclosures on this document. The authors have explicitly indicated that they are not aware of any undisclosed IPR, and understand their obligations under BCP 78 and BCP 79. 4. Other Points POSH makes no requests of IANA, but it does require application protocols that use it to register "Well-known" URIs. POSH does offer guidance on the structure of those URIs in non-normative language. |
2015-06-20
|
04 | Joe Hildebrand | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2015-06-20
|
04 | Joe Hildebrand | IESG state changed to Publication Requested |
2015-06-20
|
04 | Joe Hildebrand | IESG process started in state Publication Requested |
2015-06-20
|
04 | Joe Hildebrand | Intended Status changed to Proposed Standard from None |
2015-06-01
|
04 | Dave Cridland | Changed document writeup |
2015-04-09
|
04 | Ben Campbell | Notification list changed to draft-ietf-xmpp-posh.shepherd@ietf.org, xmpp-chairs@ietf.org, xmpp@ietf.org, dave@cridland.net, draft-ietf-xmpp-posh.ad@ietf.org, draft-ietf-xmpp-posh@ietf.org from "Dave Cridland" <dave@cridland.net> |
2015-04-09
|
04 | Ben Campbell | Notification list changed to "Dave Cridland" <dave@cridland.net> |
2015-04-09
|
04 | Ben Campbell | Document shepherd changed to Dave Cridland |
2015-04-09
|
04 | Ben Campbell | Shepherding AD changed to Ben Campbell |
2015-02-23
|
04 | Matthew Miller | New version available: draft-ietf-xmpp-posh-04.txt |
2015-02-20
|
03 | Ben Campbell | IETF WG state changed to WG Consensus: Waiting for Write-Up from WG Document |
2015-01-26
|
03 | Matthew Miller | New version available: draft-ietf-xmpp-posh-03.txt |
2014-10-10
|
02 | Matthew Miller | New version available: draft-ietf-xmpp-posh-02.txt |
2014-06-19
|
01 | Matthew Miller | New version available: draft-ietf-xmpp-posh-01.txt |
2014-02-04
|
00 | Matthew Miller | New version available: draft-ietf-xmpp-posh-00.txt |