draft-ietf-xmpp-dna-04.txt   draft-ietf-xmpp-dna-05.txt 
Network Working Group P. Saint-Andre Network Working Group P. Saint-Andre
Internet-Draft M. Miller Internet-Draft &yet
Intended status: Standards Track Cisco Systems, Inc. Intended status: Standards Track M. Miller
Expires: April 23, 2014 October 20, 2013 Expires: August 8, 2014 Cisco Systems, Inc.
February 4, 2014
Domain Name Associations (DNA) in the Extensible Messaging and Presence Domain Name Associations (DNA) in the Extensible Messaging and Presence
Protocol (XMPP) Protocol (XMPP)
draft-ietf-xmpp-dna-04 draft-ietf-xmpp-dna-05
Abstract Abstract
This document improves the security of the Extensible Messaging and This document improves the security of the Extensible Messaging and
Presence Protocol (XMPP) in two ways. First, it specifies how Presence Protocol (XMPP) in two ways. First, it specifies how
"prooftypes" can establish a strong association between a domain name "prooftypes" can establish a strong association between a domain name
and an XML stream. Second, it describes how to securely delegate a and an XML stream. Second, it describes how to securely delegate a
source domain to a derived domain, which is especially important in source domain to a derived domain, which is especially important in
virtual hosting environments. virtual hosting environments.
skipping to change at page 1, line 36 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 23, 2014. This Internet-Draft will expire on August 8, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 17 skipping to change at page 2, line 18
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Flow Chart . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Flow Chart . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. A Simple Scenario . . . . . . . . . . . . . . . . . . . . . . 6 4. A Simple Scenario . . . . . . . . . . . . . . . . . . . . . . 6
5. One-Way Authentication . . . . . . . . . . . . . . . . . . . 7 5. One-Way Authentication . . . . . . . . . . . . . . . . . . . 7
6. Piggybacking . . . . . . . . . . . . . . . . . . . . . . . . 8 6. Piggybacking . . . . . . . . . . . . . . . . . . . . . . . . 8
6.1. Assertion . . . . . . . . . . . . . . . . . . . . . . . . 8 6.1. Assertion . . . . . . . . . . . . . . . . . . . . . . . . 8
6.2. Supposition . . . . . . . . . . . . . . . . . . . . . . . 9 6.2. Supposition . . . . . . . . . . . . . . . . . . . . . . . 9
7. Alternative Prooftypes . . . . . . . . . . . . . . . . . . . 11 7. Alternative Prooftypes . . . . . . . . . . . . . . . . . . . 10
7.1. DANE . . . . . . . . . . . . . . . . . . . . . . . . . . 11 7.1. DANE . . . . . . . . . . . . . . . . . . . . . . . . . . 11
7.2. POSH . . . . . . . . . . . . . . . . . . . . . . . . . . 12 7.2. POSH . . . . . . . . . . . . . . . . . . . . . . . . . . 11
8. Secure Delegation and Multi-Tenancy . . . . . . . . . . . . . 12 8. Secure Delegation and Multi-Tenancy . . . . . . . . . . . . . 12
9. Prooftype Model . . . . . . . . . . . . . . . . . . . . . . . 13 9. Prooftype Model . . . . . . . . . . . . . . . . . . . . . . . 13
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
10.1. Well-Known URI for xmpp-client Service . . . . . . . . . 13 10.1. Well-Known URI for xmpp-client Service . . . . . . . . . 13
10.2. Well-Known URI for xmpp-server Service . . . . . . . . . 14 10.2. Well-Known URI for xmpp-server Service . . . . . . . . . 13
11. Security Considerations . . . . . . . . . . . . . . . . . . . 14 11. Security Considerations . . . . . . . . . . . . . . . . . . . 14
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
12.1. Normative References . . . . . . . . . . . . . . . . . . 14 12.1. Normative References . . . . . . . . . . . . . . . . . . 14
12.2. Informative References . . . . . . . . . . . . . . . . . 15 12.2. Informative References . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction 1. Introduction
The need to establish a strong association between a domain name and The need to establish a strong association between a domain name and
an XML stream arises in both client-to-server and server-to-server an XML stream arises in both client-to-server and server-to-server
communication using the Extensible Messaging and Presence Protocol communication using the Extensible Messaging and Presence Protocol
(XMPP) [RFC6120]. Because XMPP servers are typically identified by (XMPP) [RFC6120]. Because XMPP servers are typically identified by
DNS domain names, a client or peer server needs to verify the DNS domain names, a client or peer server needs to verify the
identity of a server to which it connects. identity of a server to which it connects.
skipping to change at page 8, line 36 skipping to change at page 8, line 33
XML streams for the domain pair of c.example and a.example, that too XML streams for the domain pair of c.example and a.example, that too
is wasteful. Server 2 already has a connection to a.example, so how is wasteful. Server 2 already has a connection to a.example, so how
can it assert that it would like to add a new domain pair to the can it assert that it would like to add a new domain pair to the
existing connection? existing connection?
The traditional method for doing so is the Server Dialback protocol, The traditional method for doing so is the Server Dialback protocol,
first specified in [RFC3920] and since moved to [XEP-0220]. Here, first specified in [RFC3920] and since moved to [XEP-0220]. Here,
Server 2 can send a <db:result/> element for the new domain pair over Server 2 can send a <db:result/> element for the new domain pair over
the existing stream. the existing stream.
<db:result from='c.example' to='a.example'> <db:result from='c.example' to='a.example'>
some-dialback-key some-dialback-key
</db:result> </db:result>
This element functions as Server 2's assertion that it is (also) This element functions as Server 2's assertion that it is (also)
c.example, and thus is functionally equivalent to the 'from' address c.example, and thus is functionally equivalent to the 'from' address
of an initial stream header as previously described. of an initial stream header as previously described.
In response to this assertion, Server 1 needs to obtain some kind of In response to this assertion, Server 1 needs to obtain some kind of
proof that Server 2 really is also c.example. It can do the same proof that Server 2 really is also c.example. It can do the same
thing that it did before: thing that it did before:
1. Server 1 resolves the DNS domain name c.example. 1. Server 1 resolves the DNS domain name c.example.
skipping to change at page 9, line 31 skipping to change at page 9, line 28
6. Server 1 checks the PKIX certificate that Server 2 provided; if 6. Server 1 checks the PKIX certificate that Server 2 provided; if
it is consistent with the XMPP profile [RFC6120] of the matching it is consistent with the XMPP profile [RFC6120] of the matching
rules from [RFC6125], Server 1 accepts that there is a strong rules from [RFC6125], Server 1 accepts that there is a strong
domain name association between its stream to Server 2 and the domain name association between its stream to Server 2 and the
DNS domain name c.example. DNS domain name c.example.
Now that Server 1 accepts the domain name association, it informs Now that Server 1 accepts the domain name association, it informs
Server 2 of that fact: Server 2 of that fact:
<db:result from='a.example' to='c.example' type='valid'/> <db:result from='a.example' to='c.example' type='valid'/>
The parties can then terminate the second connection, since it was The parties can then terminate the second connection, since it was
used only for Server 1 to associate a stream over the same IP:port used only for Server 1 to associate a stream over the same IP:port
combination with the domain name c.example (the dialback key links combination with the domain name c.example (the dialback key links
the original stream to the new association). the original stream to the new association).
6.2. Supposition 6.2. Supposition
Piggybacking can also occur in the other direction. Consider the Piggybacking can also occur in the other direction. Consider the
common scenario in which Server 1 provides XMPP services not only for common scenario in which Server 1 provides XMPP services not only for
skipping to change at page 10, line 33 skipping to change at page 10, line 31
6. Server 2 checks the PKIX certificate that Server 1 provided; if 6. Server 2 checks the PKIX certificate that Server 1 provided; if
it is consistent with the XMPP profile [RFC6120] of the matching it is consistent with the XMPP profile [RFC6120] of the matching
rules from [RFC6125], Server 2 accepts that there is a strong rules from [RFC6125], Server 2 accepts that there is a strong
domain name association between its stream to Server 1 and the domain name association between its stream to Server 1 and the
DNS domain name rooms.a.example. DNS domain name rooms.a.example.
As before, the parties now have two TCP connections open. So that As before, the parties now have two TCP connections open. So that
they can close the now-redundant connection, Server 2 sends a they can close the now-redundant connection, Server 2 sends a
dialback key to Server 1 over the new connection. dialback key to Server 1 over the new connection.
<db:result from='c.example' to='rooms.a.example'> <db:result from='c.example' to='rooms.a.example'>
some-dialback-key some-dialback-key
</db:result> </db:result>
Server 1 then informs Server 2 that it accepts the domain name Server 1 then informs Server 2 that it accepts the domain name
association: association:
<db:result from='rooms.a.example' to='c.example' type='valid'/> <db:result from='rooms.a.example' to='c.example' type='valid'/>
Server 2 can now close the connection over which it tested the domain Server 2 can now close the connection over which it tested the domain
name association for rooms.a.example. name association for rooms.a.example.
7. Alternative Prooftypes 7. Alternative Prooftypes
The foregoing protocol flows assumed that domain name associations The foregoing protocol flows assumed that domain name associations
were proved using the standard PKI prooftype specified in [RFC6120]: were proved using the standard PKI prooftype specified in [RFC6120]:
that is, the server's proof consists of a PKIX certificate that is that is, the server's proof consists of a PKIX certificate that is
checked according to the XMPP profile [RFC6120] of the matching rules checked according to the XMPP profile [RFC6120] of the matching rules
from [RFC6125], the client's verification material is obtained out of from [RFC6125], the client's verification material is obtained out of
band in the form of a trusted root, and secure DNS is not necessary. band in the form of a trusted root, and secure DNS is not necessary.
However, sometimes XMPP server administrators are unable or unwilling However, sometimes XMPP server administrators are unable or unwilling
to obtain valid PKIX certificates for their servers. As one example, to obtain valid PKIX certificates for their servers. As one example,
a certificate authority (CA) might try to send email messages to a certificate authority (CA) might try to send email messages to
authoritative mailbox names [RFC2142], but the administrator of a authoritative mailbox names [RFC2142], but the administrator of a
subsidiary service such as im.cs.podunk.example can't receive email subsidiary service such as im.cs.podunk.example can't receive email
skipping to change at page 12, line 15 skipping to change at page 12, line 5
7.2. POSH 7.2. POSH
In the POSH prooftype, the server's proof consists of a PKIX In the POSH prooftype, the server's proof consists of a PKIX
certificate that is checked according to the rules from [RFC6120] and certificate that is checked according to the rules from [RFC6120] and
[RFC6125], the client's verification material is obtained by [RFC6125], the client's verification material is obtained by
retrieving the PKIK certificate over HTTPS at a well-known URI retrieving the PKIK certificate over HTTPS at a well-known URI
[RFC5785], and secure DNS is not necessary since the HTTPS retrieval [RFC5785], and secure DNS is not necessary since the HTTPS retrieval
mechanism relies on the chain of trust from the public key mechanism relies on the chain of trust from the public key
infrastructure. infrastructure.
POSH is defined in [I-D.miller-posh]. For XMPP purposes, the well- POSH is defined in [I-D.ietf-xmpp-posh]. For XMPP purposes, the
known URIs [RFC5785] to be used are: well-known URIs [RFC5785] to be used are:
o "/.well-known/posh._xmpp-client._tcp.json" for client-to-server o "/.well-known/posh._xmpp-client._tcp.json" for client-to-server
connections connections
o "/.well-known/posh._xmpp-server._tcp.json" for server-to-server o "/.well-known/posh._xmpp-server._tcp.json" for server-to-server
connections connections
8. Secure Delegation and Multi-Tenancy 8. Secure Delegation and Multi-Tenancy
One common method for deploying XMPP services is multi-tenancy or One common method for deploying XMPP services is multi-tenancy or
skipping to change at page 13, line 10 skipping to change at page 12, line 48
checked (which is functionally equivalent to a connection using an checked (which is functionally equivalent to a connection using an
anonymous key exchange). This is also true of client-to-server anonymous key exchange). This is also true of client-to-server
communications, forcing end users to override certificate warnings or communications, forcing end users to override certificate warnings or
configure their clients to accept certificates for configure their clients to accept certificates for
hosting.example.net instead of example.com. The fundamental problem hosting.example.net instead of example.com. The fundamental problem
here is that if DNSSEC is not used then the act of delegation via DNS here is that if DNSSEC is not used then the act of delegation via DNS
SRV records is inherently insecure. SRV records is inherently insecure.
The specification for use of SRV and MX records with DANE The specification for use of SRV and MX records with DANE
[I-D.ietf-dane-srv] explains how to use DNSSEC for secure delegation [I-D.ietf-dane-srv] explains how to use DNSSEC for secure delegation
with the DANE prooftype, and the POSH specification [I-D.miller-posh] with the DANE prooftype, and the POSH specification
explains how to use HTTPS redirects for secure delegation with the [I-D.ietf-xmpp-posh] explains how to use HTTPS redirects for secure
POSH prooftype. delegation with the POSH prooftype.
9. Prooftype Model 9. Prooftype Model
In general, a domain name association (DNA) prooftype conforms to the In general, a domain name association (DNA) prooftype conforms to the
following definition: following definition:
prooftype: A mechanism for proving an association between a domain prooftype: A mechanism for proving an association between a domain
name and an XML stream, where the mechanism defines (1) the nature name and an XML stream, where the mechanism defines (1) the nature
of the server's proof, (2) the matching rules for comparing the of the server's proof, (2) the matching rules for comparing the
client's verification material against the server's proof, (3) how client's verification material against the server's proof, (3) how
skipping to change at page 13, line 36 skipping to change at page 13, line 27
The PKI, DANE, and POSH prooftypes adhere to this model. In The PKI, DANE, and POSH prooftypes adhere to this model. In
addition, other prooftypes are possible (examples might include PGP addition, other prooftypes are possible (examples might include PGP
keys rather than PKIX certificates, or a token mechanism such as keys rather than PKIX certificates, or a token mechanism such as
Kerberos or OAuth). Kerberos or OAuth).
Some prooftypes depend on (or are enhanced by) secure DNS and thus Some prooftypes depend on (or are enhanced by) secure DNS and thus
also need to describe how they ensure secure delegation. also need to describe how they ensure secure delegation.
10. IANA Considerations 10. IANA Considerations
The POSH specification [I-D.miller-posh] provides guidelines for The POSH specification [I-D.ietf-xmpp-posh] provides guidelines for
registering the well-known URIs [RFC5785] of protocols that make use registering the well-known URIs [RFC5785] of protocols that make use
of POSH. This specification registers two such URIs, for which the of POSH. This specification registers two such URIs, for which the
completed registration templates follow. completed registration templates follow.
10.1. Well-Known URI for xmpp-client Service 10.1. Well-Known URI for xmpp-client Service
This specification registers the well-known URI "posh._xmpp- This specification registers the well-known URI "posh._xmpp-
client._tcp.json" in the Well-Known URI Registry as defined by client._tcp.json" in the Well-Known URI Registry as defined by
[RFC5785]. [RFC5785].
skipping to change at page 14, line 14 skipping to change at page 14, line 4
10.2. Well-Known URI for xmpp-server Service 10.2. Well-Known URI for xmpp-server Service
This specification registers the well-known URI "posh._xmpp- This specification registers the well-known URI "posh._xmpp-
server._tcp.json" in the Well-Known URI Registry as defined by server._tcp.json" in the Well-Known URI Registry as defined by
[RFC5785]. [RFC5785].
URI suffix: posh._xmpp-server._tcp.json URI suffix: posh._xmpp-server._tcp.json
Change controller: IETF Change controller: IETF
Specification document(s): [[ this document ]] Specification document(s): [[ this document ]]
11. Security Considerations 11. Security Considerations
This document supplements but does not supersede the security This document supplements but does not supersede the security
considerations of [RFC6120] and [RFC6125]. Relevant security considerations of [RFC6120] and [RFC6125]. Relevant security
considerations can also be found in [I-D.ietf-dane-srv] and considerations can also be found in [I-D.ietf-dane-srv] and
[I-D.miller-posh]. [I-D.ietf-xmpp-posh].
12. References 12. References
12.1. Normative References 12.1. Normative References
[I-D.ietf-dane-srv] [I-D.ietf-dane-srv]
Finch, T., "Using DNS-Based Authentication of Named Finch, T., Miller, M., and P. Saint-Andre, "Using DNS-
Entities (DANE) TLSA records with SRV and MX records.", Based Authentication of Named Entities (DANE) TLSA records
draft-ietf-dane-srv-02 (work in progress), February 2013. with SRV and MX records.", draft-ietf-dane-srv-03 (work in
progress), December 2013.
[I-D.miller-posh] [I-D.ietf-xmpp-posh]
Miller, M. and P. Saint-Andre, "PKIX over Secure HTTP Miller, M. and P. Saint-Andre, "PKIX over Secure HTTP
(POSH)", draft-miller-posh-02 (work in progress), (POSH)", draft-ietf-xmpp-posh-00 (work in progress),
September 2013. February 2014.
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987. STD 13, RFC 1034, November 1987.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782, specifying the location of services (DNS SRV)", RFC 2782,
February 2000. February 2000.
skipping to change at page 16, line 8 skipping to change at page 15, line 49
Saint-Andre, P., "XMPP Protocol Flows for Inter-Domain Saint-Andre, P., "XMPP Protocol Flows for Inter-Domain
Federation", XSF XEP 0238, March 2008. Federation", XSF XEP 0238, March 2008.
[XEP-0288] [XEP-0288]
Hancke, P. and D. Cridland, "Bidirectional Server-to- Hancke, P. and D. Cridland, "Bidirectional Server-to-
Server Connections", XSF XEP 0288, September 2013. Server Connections", XSF XEP 0288, September 2013.
Authors' Addresses Authors' Addresses
Peter Saint-Andre Peter Saint-Andre
Cisco Systems, Inc. &yet
1899 Wynkoop Street, Suite 600
Denver, CO 80202
USA
Email: psaintan@cisco.com
Email: ietf@stpeter.im
Matthew Miller Matthew Miller
Cisco Systems, Inc. Cisco Systems, Inc.
1899 Wynkoop Street, Suite 600 1899 Wynkoop Street, Suite 600
Denver, CO 80202 Denver, CO 80202
USA USA
Email: mamille2@cisco.com Email: mamille2@cisco.com
 End of changes. 23 change blocks. 
38 lines changed or deleted 36 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/