draft-ietf-xmpp-dna-02.txt   draft-ietf-xmpp-dna-03.txt 
Network Working Group P. Saint-Andre Network Working Group P. Saint-Andre
Internet-Draft M. Miller Internet-Draft M. Miller
Intended status: Standards Track Cisco Systems, Inc. Intended status: Standards Track Cisco Systems, Inc.
Expires: October 17, 2013 April 15, 2013 Expires: March 10, 2014 September 6, 2013
Domain Name Associations (DNA) in the Extensible Messaging and Presence Domain Name Associations (DNA) in the Extensible Messaging and Presence
Protocol (XMPP) Protocol (XMPP)
draft-ietf-xmpp-dna-02 draft-ietf-xmpp-dna-03
Abstract Abstract
This document improves the security of the Extensible Messaging and This document improves the security of the Extensible Messaging and
Presence Protocol (XMPP) in two ways. First, it specifies how Presence Protocol (XMPP) in two ways. First, it specifies how
"prooftypes" can establish a strong association between a domain name "prooftypes" can establish a strong association between a domain name
and an XML stream. Second, it describes how to securely delegate a and an XML stream. Second, it describes how to securely delegate a
source domain to a derived domain, which is especially important in source domain to a derived domain, which is especially important in
virtual hosting environments. virtual hosting environments.
Status of This Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 17, 2013. This Internet-Draft will expire on March 10, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Flow Chart . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Flow Chart . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. A Simple Scenario . . . . . . . . . . . . . . . . . . . . . . 5 4. A Simple Scenario . . . . . . . . . . . . . . . . . . . . . . 6
5. One-Way Authentication . . . . . . . . . . . . . . . . . . . 6 5. One-Way Authentication . . . . . . . . . . . . . . . . . . . . 7
6. Piggybacking . . . . . . . . . . . . . . . . . . . . . . . . 7 6. Piggybacking . . . . . . . . . . . . . . . . . . . . . . . . . 8
6.1. Assertion . . . . . . . . . . . . . . . . . . . . . . . . 7 6.1. Assertion . . . . . . . . . . . . . . . . . . . . . . . . 8
6.2. Supposition . . . . . . . . . . . . . . . . . . . . . . . 9 6.2. Supposition . . . . . . . . . . . . . . . . . . . . . . . 9
7. Alternative Prooftypes . . . . . . . . . . . . . . . . . . . 10 7. Alternative Prooftypes . . . . . . . . . . . . . . . . . . . . 10
7.1. DANE . . . . . . . . . . . . . . . . . . . . . . . . . . 10 7.1. DANE . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
7.2. POSH . . . . . . . . . . . . . . . . . . . . . . . . . . 10 7.2. POSH . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
8. Secure Delegation and Multi-Tenancy . . . . . . . . . . . . . 11 8. Secure Delegation and Multi-Tenancy . . . . . . . . . . . . . 11
9. Prooftype Model . . . . . . . . . . . . . . . . . . . . . . . 12 9. Prooftype Model . . . . . . . . . . . . . . . . . . . . . . . 12
10. Security Considerations . . . . . . . . . . . . . . . . . . . 12 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 10.1. Well-Known URI for xmpp-client Service . . . . . . . . . . 12
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 10.2. Well-Known URI for xmpp-server Service . . . . . . . . . . 13
12.1. Normative References . . . . . . . . . . . . . . . . . . 12 11. Security Considerations . . . . . . . . . . . . . . . . . . . 13
12.2. Informative References . . . . . . . . . . . . . . . . . 13 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 12.1. Normative References . . . . . . . . . . . . . . . . . . . 13
12.2. Informative References . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
The need to establish a strong association between a domain name and The need to establish a strong association between a domain name and
an XML stream arises in both client-to-server and server-to-server an XML stream arises in both client-to-server and server-to-server
communication using the Extensible Messaging and Presence Protocol communication using the Extensible Messaging and Presence Protocol
(XMPP), because XMPP servers are typically identified by DNS domain (XMPP), because XMPP servers are typically identified by DNS domain
names. However, a client or peer server needs to verify the identity names. However, a client or peer server needs to verify the identity
of a server to which it connects. To date, such verification has of a server to which it connects. To date, such verification has
been established based on information obtained from the Domain Name been established based on information obtained from the Domain Name
skipping to change at page 5, line 18 skipping to change at page 5, line 44
| | | |
+-----------------------------------------------+ +-----------------------------------------------+
| |
| |
(Section 6.2: Piggybacking Supposition) (Section 6.2: Piggybacking Supposition)
| |
| |
+-----------SUBSEQUENT CONNECTION---------------+ +-----------SUBSEQUENT CONNECTION---------------+
| | | |
| B: <stream from='c.example' | | B: <stream from='c.example' |
| to='chatrooms.a.example'> | | to='rooms.a.example'> |
| | | |
| A: <stream from='chatrooms.a.example' | | A: <stream from='rooms.a.example' |
| to='c.example'> | | to='c.example'> |
| | | |
+-----------------------------------------------+ +-----------------------------------------------+
| |
+-----------DNA DANCE AS ABOVE------------------+ +-----------DNA DANCE AS ABOVE------------------+
| | | |
| DNS RESOLUTION, STREAM HEADERS, | | DNS RESOLUTION, STREAM HEADERS, |
| TLS NEGOTIATION, AUTHENTICATION | | TLS NEGOTIATION, AUTHENTICATION |
| | | |
+-----------------------------------------------+ +-----------------------------------------------+
| |
+-----------DIALBACK OPTIMIZATION---------------+ +-----------DIALBACK OPTIMIZATION---------------+
| | | |
| B: <db:result from='c.example' | | B: <db:result from='c.example' |
| to='chatrooms.a.example'/> | | to='rooms.a.example'/> |
| | | |
| B: <db:result from='chatrooms.a.example' | | B: <db:result from='rooms.a.example' |
| to='c.example' | | to='c.example' |
| type='valid'/> | | type='valid'/> |
| | | |
+-----------------------------------------------+ +-----------------------------------------------+
4. A Simple Scenario 4. A Simple Scenario
To illustrate the problem, consider the simplified order of events To illustrate the problem, consider the simplified order of events
(see [RFC6120] for details) in establishing an XML stream between (see [RFC6120] for details) in establishing an XML stream between
Server A (a.example) and Server B (b.example): Server A (a.example) and Server B (b.example):
skipping to change at page 6, line 34 skipping to change at page 7, line 8
these proofs are consistent with the XMPP profile of the matching these proofs are consistent with the XMPP profile of the matching
rules from [RFC6125], each server accepts that there is a strong rules from [RFC6125], each server accepts that there is a strong
domain name association between its stream to the other party and domain name association between its stream to the other party and
the DNS domain name of the other party. the DNS domain name of the other party.
Several simplifying assumptions underlie the happy scenario just Several simplifying assumptions underlie the happy scenario just
outlined: outlined:
o Server A presents a PKIX certificate during TLS negotiation, which o Server A presents a PKIX certificate during TLS negotiation, which
enables the parties to complete mutual authentication. enables the parties to complete mutual authentication.
o There are no additional domains associated with Server A and o There are no additional domains associated with Server A and
Server B (say, a subdomain chatrooms.a.example on Server A or a Server B (say, a subdomain rooms.a.example on Server A or a second
second domain c.example on Server B). domain c.example on Server B).
o The server administrators are able to obtain PKIX certificates in o The server administrators are able to obtain PKIX certificates in
the first place. the first place.
o The server administrators are running their own XMPP servers, o The server administrators are running their own XMPP servers,
rather than using hosting services. rather than using hosting services.
Let's consider each of these "wrinkles" in turn. Let's consider each of these "wrinkles" in turn.
5. One-Way Authentication 5. One-Way Authentication
If Server A does not present its PKIX certificate during TLS If Server A does not present its PKIX certificate during TLS
negotiation (perhaps because it wishes to verify the identity of negotiation (perhaps because it wishes to verify the identity of
Server B before presenting its own credentials), Server B is unable Server B before presenting its own credentials), Server B is unable
skipping to change at page 6, line 52 skipping to change at page 7, line 23
o The server administrators are running their own XMPP servers, o The server administrators are running their own XMPP servers,
rather than using hosting services. rather than using hosting services.
Let's consider each of these "wrinkles" in turn. Let's consider each of these "wrinkles" in turn.
5. One-Way Authentication 5. One-Way Authentication
If Server A does not present its PKIX certificate during TLS If Server A does not present its PKIX certificate during TLS
negotiation (perhaps because it wishes to verify the identity of negotiation (perhaps because it wishes to verify the identity of
Server B before presenting its own credentials), Server B is unable Server B before presenting its own credentials), Server B is unable
to mutually authenticate Server A. Therefore, Server B needs to to mutually authenticate Server A. Therefore, Server B needs to
negotiate and authenticate a stream to Server A, just as Server A has negotiate and authenticate a stream to Server A, just as Server A has
done: done:
1. Server B resolves the DNS domain name a.example. 1. Server B resolves the DNS domain name a.example.
2. Server B opens a TCP connection to the resolved IP address. 2. Server B opens a TCP connection to the resolved IP address.
3. Server B sends an initial stream header to Server A, asserting 3. Server B sends an initial stream header to Server A, asserting
that it is b.example: that it is b.example:
<stream:stream from='b.example' to='a.example'> <stream:stream from='b.example' to='a.example'>
4. Server A sends a response stream header to Server B, asserting 4. Server A sends a response stream header to Server B, asserting
that it is a.example: that it is a.example:
<stream:stream from='a.example' to='b.example'> <stream:stream from='a.example' to='b.example'>
5. The servers attempt TLS negotiation, during which Server A 5. The servers attempt TLS negotiation, during which Server A
(acting as a TLS server) presents a PKIX certificate proving that (acting as a TLS server) presents a PKIX certificate proving that
it is a.example. it is a.example.
6. Server B checks the PKIX certificate that Server A provided; if 6. Server B checks the PKIX certificate that Server A provided; if
it is consistent with the XMPP profile of the matching rules from it is consistent with the XMPP profile of the matching rules from
[RFC6125], Server B accepts that there is a strong domain name [RFC6125], Server B accepts that there is a strong domain name
association between its stream to Server A and the DNS domain association between its stream to Server A and the DNS domain
name a.example. name a.example.
Unfortunately, now the servers are using two TCP connections instead Unfortunately, now the servers are using two TCP connections instead
of one, which is somewhat wasteful. However, there are ways to tie of one, which is somewhat wasteful. However, there are ways to tie
the authentication achieved on the second TCP connection to the first the authentication achieved on the second TCP connection to the first
TCP connection; see [XEP-0288] for further discussion. TCP connection; see [XEP-0288] for further discussion.
skipping to change at page 8, line 7 skipping to change at page 8, line 24
TCP connection and negotiate new XML streams for the domain pair of TCP connection and negotiate new XML streams for the domain pair of
c.example and a.example, that too is wasteful. Server B already has c.example and a.example, that too is wasteful. Server B already has
a connection to a.example, so how can it assert that it would like to a connection to a.example, so how can it assert that it would like to
add a new domain pair to the existing connection? add a new domain pair to the existing connection?
The traditional method for doing so is the Server Dialback protocol, The traditional method for doing so is the Server Dialback protocol,
first specified in [RFC3920] and since moved to [XEP-0220]. Here, first specified in [RFC3920] and since moved to [XEP-0220]. Here,
Server B can send a <db:result/> element for the new domain pair over Server B can send a <db:result/> element for the new domain pair over
the existing stream. the existing stream.
<db:result from='c.example' to='a.example'> <db:result from='c.example' to='a.example'>
some-dialback-key some-dialback-key
</db:result> </db:result>
This element functions as Server B's assertion that it is (also) This element functions as Server B's assertion that it is (also)
c.example, and thus is functionally equivalent to the 'from' address c.example, and thus is functionally equivalent to the 'from' address
of an initial stream header as previously described. of an initial stream header as previously described.
In response to this assertion, Server A needs to obtain some kind of In response to this assertion, Server A needs to obtain some kind of
proof that Server B really is also c.example. It can do the same proof that Server B really is also c.example. It can do the same
thing that it did before: thing that it did before:
1. Server A resolves the DNS domain name c.example. 1. Server A resolves the DNS domain name c.example.
skipping to change at page 8, line 20 skipping to change at page 8, line 37
This element functions as Server B's assertion that it is (also) This element functions as Server B's assertion that it is (also)
c.example, and thus is functionally equivalent to the 'from' address c.example, and thus is functionally equivalent to the 'from' address
of an initial stream header as previously described. of an initial stream header as previously described.
In response to this assertion, Server A needs to obtain some kind of In response to this assertion, Server A needs to obtain some kind of
proof that Server B really is also c.example. It can do the same proof that Server B really is also c.example. It can do the same
thing that it did before: thing that it did before:
1. Server A resolves the DNS domain name c.example. 1. Server A resolves the DNS domain name c.example.
2. Server A opens a TCP connection to the resolved IP address (which 2. Server A opens a TCP connection to the resolved IP address (which
might be the same IP address as for b.example). might be the same IP address as for b.example).
3. Server A sends an initial stream header to Server B, asserting 3. Server A sends an initial stream header to Server B, asserting
that it is a.example: that it is a.example:
<stream:stream from='a.example' to='c.example'> <stream:stream from='a.example' to='c.example'>
4. Server B sends a response stream header to Server A, asserting 4. Server B sends a response stream header to Server A, asserting
that it is c.example: that it is c.example:
<stream:stream from='c.example' to='a.example'> <stream:stream from='c.example' to='a.example'>
5. The servers attempt TLS negotiation, during which Server B 5. The servers attempt TLS negotiation, during which Server B
(acting as a TLS server) presents a PKIX certificate proving that (acting as a TLS server) presents a PKIX certificate proving that
it is c.example. it is c.example.
6. Server A checks the PKIX certificate that Server B provided; if 6. Server A checks the PKIX certificate that Server B provided; if
it is consistent with the XMPP profile of the matching rules from it is consistent with the XMPP profile of the matching rules from
[RFC6125], Server A accepts that there is a strong domain name [RFC6125], Server A accepts that there is a strong domain name
association between its stream to Server B and the DNS domain association between its stream to Server B and the DNS domain
name c.example. name c.example.
Now that Server A accepts the domain name association, it informs Now that Server A accepts the domain name association, it informs
Server B of that fact: Server B of that fact:
<db:result from='a.example' to='c.example' type='valid'/> <db:result from='a.example' to='c.example' type='valid'/>
The parties can then terminate the second connection, since it was The parties can then terminate the second connection, since it was
used only for Server A to associate a stream over the same IP:port used only for Server A to associate a stream over the same IP:port
combination with the domain name c.example (dialback key links the combination with the domain name c.example (dialback key links the
original stream to the new association). original stream to the new association).
6.2. Supposition 6.2. Supposition
Piggybacking can also occur in the other direction. Consider the Piggybacking can also occur in the other direction. Consider the
common scenario in which Server A provides XMPP services not only for common scenario in which Server A provides XMPP services not only for
a.example but also for a subdomain such as a groupchat service at a.example but also for a subdomain such as a groupchat service at
chatrooms.a.example (see [XEP-0045]). If a user from c.example at rooms.a.example (see [XEP-0045]). If a user from c.example at Server
Server B wishes to join a room on the groupchat sevice, Server B B wishes to join a room on the groupchat sevice, Server B needs to
needs to send XMPP stanzas from the domain c.example to the domain send XMPP stanzas from the domain c.example to the domain
chatrooms.a.example rather than a.example. Therefore, Server B needs rooms.a.example rather than a.example. Therefore, Server B needs to
to negotiate and authenticate a stream to chatrooms.a.example: negotiate and authenticate a stream to rooms.a.example:
1. Server B resolves the DNS domain name chatrooms.a.example.
1. Server B resolves the DNS domain name rooms.a.example.
2. Server B opens a TCP connection to the resolved IP address. 2. Server B opens a TCP connection to the resolved IP address.
3. Server B sends an initial stream header to Server A acting as 3. Server B sends an initial stream header to Server A acting as
chatrooms.a.example, asserting that it is b.example: rooms.a.example, asserting that it is b.example:
<stream:stream from='b.example' to='chatrooms.a.example'>
<stream:stream from='b.example' to='rooms.a.example'>
4. Server A sends a response stream header to Server B, asserting 4. Server A sends a response stream header to Server B, asserting
that it is chatrooms.a.example: that it is rooms.a.example:
<stream:stream from='chatrooms.a.example' to='b.example'>
<stream:stream from='rooms.a.example' to='b.example'>
5. The servers attempt TLS negotiation, during which Server A 5. The servers attempt TLS negotiation, during which Server A
(acting as a TLS server) presents a PKIX certificate proving that (acting as a TLS server) presents a PKIX certificate proving that
it is chatrooms.a.example. it is rooms.a.example.
6. Server B checks the PKIX certificate that Server A provided; if 6. Server B checks the PKIX certificate that Server A provided; if
it is consistent with the XMPP profile of the matching rules from it is consistent with the XMPP profile of the matching rules from
[RFC6125], Server B accepts that there is a strong domain name [RFC6125], Server B accepts that there is a strong domain name
association between its stream to Server A and the DNS domain association between its stream to Server A and the DNS domain
name chatrooms.a.example. name rooms.a.example.
As before, the parties now have two TCP connections open. So that As before, the parties now have two TCP connections open. So that
they can close the now-redundant connection, Server B sends a they can close the now-redundant connection, Server B sends a
dialback key to Server A over the new connection. dialback key to Server A over the new connection.
<db:result from='c.example' to='chatrooms.a.example'> <db:result from='c.example' to='rooms.a.example'>
some-dialback-key some-dialback-key
</db:result> </db:result>
Server A then informs Server B that it accepts the domain name Server A then informs Server B that it accepts the domain name
association: association:
<db:result from='chatrooms.a.example' to='c.example' type='valid'/> <db:result from='rooms.a.example' to='c.example' type='valid'/>
Server B can now close the connection over which it tested the domain Server B can now close the connection over which it tested the domain
name association for chatrooms.a.example. name association for rooms.a.example.
7. Alternative Prooftypes 7. Alternative Prooftypes
The foregoing protocol flows assumed that domain name associations The foregoing protocol flows assumed that domain name associations
were proved using the standard PKI prooftype specified in [RFC6120]: were proved using the standard PKI prooftype specified in [RFC6120]:
that is, the server's proof consists of a PKIX certificate that is that is, the server's proof consists of a PKIX certificate that is
checked according to a profile of the matching rules from [RFC6125], checked according to a profile of the matching rules from [RFC6125],
the client's verification material is obtained out of band in the the client's verification material is obtained out of band in the
form of a trusted root, and secure DNS is not necessary. form of a trusted root, and secure DNS is not necessary.
skipping to change at page 10, line 44 skipping to change at page 10, line 48
In the DANE prooftype, the server's proof consists of a PKIX In the DANE prooftype, the server's proof consists of a PKIX
certificate that is compared as an exact match or a hash of either certificate that is compared as an exact match or a hash of either
the SubjectPublicKeyInfo or the full certificate, and the client's the SubjectPublicKeyInfo or the full certificate, and the client's
verification material is obtained via secure DNS. verification material is obtained via secure DNS.
The DANE prooftype is based on [I-D.ietf-dane-srv]. For XMPP The DANE prooftype is based on [I-D.ietf-dane-srv]. For XMPP
purposes, the following rules apply: purposes, the following rules apply:
o If there is no SRV resource record, pursue the fallback methods o If there is no SRV resource record, pursue the fallback methods
described in [RFC6120]. described in [RFC6120].
o Use the 'to' address of the initial stream header to determine the o Use the 'to' address of the initial stream header to determine the
domain name of the TLS client's reference identifier (since use of domain name of the TLS client's reference identifier (since use of
the TLS Server Name Indication is purely discretionary in XMPP, as the TLS Server Name Indication is purely discretionary in XMPP, as
mentioned in [RFC6120]). mentioned in [RFC6120]).
7.2. POSH 7.2. POSH
In the POSH (PKIX Over Secure HTTP) prooftype, the server's proof In the POSH (PKIX Over Secure HTTP) prooftype, the server's proof
consists of a PKIX certificate that is checked according to the rules consists of a PKIX certificate that is checked according to the rules
from [RFC6120] and [RFC6125], the client's verification material is from [RFC6120] and [RFC6125], the client's verification material is
obtained by retrieving the PKIK certificate over HTTPS at a well- obtained by retrieving the PKIK certificate over HTTPS at a well-
known URI [RFC5785], and secure DNS is not necessary since the HTTPS known URI [RFC5785], and secure DNS is not necessary since the HTTPS
retrieval mechanism relies on the chain of trust from the public key retrieval mechanism relies on the chain of trust from the public key
infrastructure. infrastructure.
POSH is fully defined in [I-D.miller-xmpp-posh-prooftype]. POSH is defined in [I-D.miller-posh]. For XMPP purposes, the well-
known URIs [RFC5785] to be used are:
o "/.well-known/posh._xmpp-client._tcp.json" for client-to-server
connections
o "/.well-known/posh._xmpp-server._tcp.json" for server-to-server
connections
8. Secure Delegation and Multi-Tenancy 8. Secure Delegation and Multi-Tenancy
One common method for deploying XMPP services is multi-tenancy or One common method for deploying XMPP services is multi-tenancy or
virtual hosting: e.g., the XMPP service for example.com is actually virtual hosting: e.g., the XMPP service for example.com is actually
hosted at hosting.example.net. Such an arrangement is relatively hosted at hosting.example.net. Such an arrangement is relatively
convenient in XMPP given the use of DNS SRV records [RFC2782], such convenient in XMPP given the use of DNS SRV records [RFC2782], such
as the following pointer from example.com to hosting.example.net: as the following pointer from example.com to hosting.example.net:
_xmpp-server._tcp.example.com. 0 IN SRV 0 0 5269 hosting.example.net _xmpp-server._tcp.example.com. 0 IN SRV 0 0 5269 hosting.example.net
skipping to change at page 11, line 47 skipping to change at page 12, line 8
unencrypted or the communications are TLS-encrypted but the unencrypted or the communications are TLS-encrypted but the
certificates are not checked (which is functionally equivalent to a certificates are not checked (which is functionally equivalent to a
connection using an anonymous key exchange). This is also true of connection using an anonymous key exchange). This is also true of
client-to-server communications, forcing end users to override client-to-server communications, forcing end users to override
certificate warnings or configure their clients to accept certificate warnings or configure their clients to accept
certificates for hosting.example.net instead of example.com. The certificates for hosting.example.net instead of example.com. The
fundamental problem here is that if DNSSEC is not used then the act fundamental problem here is that if DNSSEC is not used then the act
of delegation via DNS SRV records is inherently insecure. of delegation via DNS SRV records is inherently insecure.
[I-D.ietf-dane-srv] explains how to use DNSSEC for secure delegation [I-D.ietf-dane-srv] explains how to use DNSSEC for secure delegation
with the DANE prooftype and [I-D.miller-xmpp-posh-prooftype] explains with the DANE prooftype and [I-D.miller-posh] explains how to use
how to use HTTPS redirects for secure delegation with the POSH HTTPS redirects for secure delegation with the POSH prooftype.
prooftype.
9. Prooftype Model 9. Prooftype Model
In general, a DNA prooftype conforms to the following definition: In general, a DNA prooftype conforms to the following definition:
prooftype: A mechanism for proving an association between a domain prooftype: A mechanism for proving an association between a domain
name and an XML stream, where the mechanism defines (1) the nature name and an XML stream, where the mechanism defines (1) the nature
of the server's proof, (2) the matching rules for comparing the of the server's proof, (2) the matching rules for comparing the
client's verification material against the server's proof, (3) how client's verification material against the server's proof, (3) how
the client obtains its verification material, and (4) whether the the client obtains its verification material, and (4) whether the
skipping to change at page 12, line 25 skipping to change at page 12, line 31
The PKI, DANE, and POSH prooftypes adhere to this model. In The PKI, DANE, and POSH prooftypes adhere to this model. In
addition, other prooftypes are possible (examples might include PGP addition, other prooftypes are possible (examples might include PGP
keys rather than PKIX certificates, or a token mechanism such as keys rather than PKIX certificates, or a token mechanism such as
Kerberos or OAuth). Kerberos or OAuth).
Some prooftypes depend on (or are enhanced by) secure DNS and Some prooftypes depend on (or are enhanced by) secure DNS and
therefore also need to describe how secure delegation occurs for that therefore also need to describe how secure delegation occurs for that
prooftype. prooftype.
10. Security Considerations 10. IANA Considerations
The POSH specification [I-D.miller-posh] defines a registry for well-
known URIs [RFC5785] of protocols that make use of POSH. This
specification registers two such URIs, for which the completed
registration templates follow.
10.1. Well-Known URI for xmpp-client Service
This specification registers the "posh._xmpp-client._tcp.json" well-
known URI in the Well-Known URI Registry as defined by [RFC5785].
URI suffix: posh._xmpp-client._tcp.json
Change controller: IETF
Specification document(s): [[ this document ]]
10.2. Well-Known URI for xmpp-server Service
This specification registers the "posh._xmpp-server._tcp.json" well-
known URI in the Well-Known URI Registry as defined by [RFC5785].
URI suffix: posh._xmpp-server._tcp.json
Change controller: IETF
Specification document(s): [[ this document ]]
11. Security Considerations
This document supplements but does not supersede the security This document supplements but does not supersede the security
considerations of [RFC6120] and [RFC6125]. Relevant security considerations of [RFC6120] and [RFC6125]. Relevant security
considerations can also be found in [I-D.ietf-dane-srv] and considerations can also be found in [I-D.ietf-dane-srv] and
[I-D.miller-xmpp-posh-prooftype]. [I-D.miller-posh].
11. IANA Considerations
This document has no actions for the IANA.
12. References 12. References
12.1. Normative References 12.1. Normative References
[I-D.ietf-dane-srv] [I-D.ietf-dane-srv]
Finch, T., "Using DNS-Based Authentication of Named Finch, T., "Using DNS-Based Authentication of Named
Entities (DANE) TLSA records with SRV and MX records.", Entities (DANE) TLSA records with SRV and MX records.",
draft-ietf-dane-srv-02 (work in progress), February 2013. draft-ietf-dane-srv-02 (work in progress), February 2013.
[I-D.miller-xmpp-posh-prooftype] [I-D.miller-posh]
Saint-Andre, P., "Using PKIX over Secure HTTP (POSH) as a Miller, M. and P. Saint-Andre, "PKIX over Secure HTTP
Prooftype for XMPP Domain Name Associations", draft- (POSH)", draft-miller-posh-01 (work in progress),
miller-xmpp-posh-prooftype-03 (work in progress), February September 2013.
2013.
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987. STD 13, RFC 1034, November 1987.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782, specifying the location of services (DNS SRV)", RFC 2782,
February 2000. February 2000.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements", RFC Rose, "DNS Security Introduction and Requirements",
4033, May 2005. RFC 4033, May 2005.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC [RFC4949] Shirey, R., "Internet Security Glossary, Version 2",
4949, August 2007. RFC 4949, August 2007.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008. (CRL) Profile", RFC 5280, May 2008.
[RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known [RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known
Uniform Resource Identifiers (URIs)", RFC 5785, April Uniform Resource Identifiers (URIs)", RFC 5785,
2010. April 2010.
[RFC6120] Saint-Andre, P., "Extensible Messaging and Presence [RFC6120] Saint-Andre, P., "Extensible Messaging and Presence
Protocol (XMPP): Core", RFC 6120, March 2011. Protocol (XMPP): Core", RFC 6120, March 2011.
[RFC6125] Saint-Andre, P. and J. Hodges, "Representation and [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and
Verification of Domain-Based Application Service Identity Verification of Domain-Based Application Service Identity
within Internet Public Key Infrastructure Using X.509 within Internet Public Key Infrastructure Using X.509
(PKIX) Certificates in the Context of Transport Layer (PKIX) Certificates in the Context of Transport Layer
Security (TLS)", RFC 6125, March 2011. Security (TLS)", RFC 6125, March 2011.
[XEP-0220] [XEP-0220]
Miller, J., Saint-Andre, P., and P. Hancke, "Server Miller, J., Saint-Andre, P., and P. Hancke, "Server
Dialback", XSF XEP 0220, August 2012. Dialback", XSF XEP 0220, August 2013.
12.2. Informative References 12.2. Informative References
[RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence [RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence
Protocol (XMPP): Core", RFC 3920, October 2004. Protocol (XMPP): Core", RFC 3920, October 2004.
[XEP-0045] [XEP-0045]
Saint-Andre, P., "Multi-User Chat", XSF XEP 0045, February Saint-Andre, P., "Multi-User Chat", XSF XEP 0045,
2012. February 2012.
[XEP-0238] [XEP-0238]
Saint-Andre, P., "XMPP Protocol Flows for Inter-Domain Saint-Andre, P., "XMPP Protocol Flows for Inter-Domain
Federation", XSF XEP 0238, March 2008. Federation", XSF XEP 0238, March 2008.
[XEP-0288] [XEP-0288]
Hancke, P. and D. Cridland, "Bidirectional Server-to- Hancke, P. and D. Cridland, "Bidirectional Server-to-
Server Connections", XSF XEP 0288, August 2012. Server Connections", XSF XEP 0288, August 2012.
Authors' Addresses Authors' Addresses
 End of changes. 49 change blocks. 
94 lines changed or deleted 107 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/