draft-ietf-xmpp-dna-08.txt   draft-ietf-xmpp-dna-09.txt 
Network Working Group P. Saint-Andre Network Working Group P. Saint-Andre
Internet-Draft &yet Internet-Draft &yet
Intended status: Standards Track M. Miller Intended status: Standards Track M. Miller
Expires: April 26, 2015 Cisco Systems, Inc. Expires: August 20, 2015 Cisco Systems, Inc.
October 23, 2014 P. Hancke
&yet
February 16, 2015
Domain Name Associations (DNA) in the Extensible Messaging and Presence Domain Name Associations (DNA) in the Extensible Messaging and Presence
Protocol (XMPP) Protocol (XMPP)
draft-ietf-xmpp-dna-08 draft-ietf-xmpp-dna-09
Abstract Abstract
This document improves the security of the Extensible Messaging and This document improves the security of the Extensible Messaging and
Presence Protocol (XMPP) in two ways. First, it specifies how to Presence Protocol (XMPP) in two ways. First, it specifies how to
establish a strong association between a domain name and an XML establish a strong association between a domain name and an XML
stream, using the concept of "prooftypes". Second, it describes how stream, using the concept of "prooftypes". Second, it describes how
to securely delegate a service domain name (e.g., example.com) to a to securely delegate a service domain name (e.g., example.com) to a
target server host name (e.g., hosting.example.net), which is target server host name (e.g., hosting.example.net), which is
especially important in multi-tenanted environments where the same especially important in multi-tenanted environments where the same
target server hosts a large number of service associated with target server hosts a large number of domains.
different domains.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 26, 2015. This Internet-Draft will expire on August 20, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Client-to-Server (C2S) DNA . . . . . . . . . . . . . . . . . 3 3. Client-to-Server (C2S) DNA . . . . . . . . . . . . . . . . . 3
3.1. C2S Flow . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. C2S Flow . . . . . . . . . . . . . . . . . . . . . . . . 4
3.2. C2S Description . . . . . . . . . . . . . . . . . . . . . 4 3.2. C2S Description . . . . . . . . . . . . . . . . . . . . . 4
4. Server-to-Server (S2S) DNA . . . . . . . . . . . . . . . . . 5 4. Server-to-Server (S2S) DNA . . . . . . . . . . . . . . . . . 5
4.1. S2S Flow Chart . . . . . . . . . . . . . . . . . . . . . 5 4.1. S2S Flow . . . . . . . . . . . . . . . . . . . . . . . . 5
4.2. A Simple S2S Scenario . . . . . . . . . . . . . . . . . . 7 4.2. A Simple S2S Scenario . . . . . . . . . . . . . . . . . . 8
4.3. One-Way Authentication . . . . . . . . . . . . . . . . . 8 4.3. One-Way Authentication . . . . . . . . . . . . . . . . . 9
4.4. Piggybacking . . . . . . . . . . . . . . . . . . . . . . 9 4.4. Piggybacking . . . . . . . . . . . . . . . . . . . . . . 11
4.4.1. Assertion . . . . . . . . . . . . . . . . . . . . . . 9 4.4.1. Assertion . . . . . . . . . . . . . . . . . . . . . . 11
4.4.2. Supposition . . . . . . . . . . . . . . . . . . . . . 11 4.4.2. Supposition . . . . . . . . . . . . . . . . . . . . . 12
5. Alternative Prooftypes . . . . . . . . . . . . . . . . . . . 12 5. Alternative Prooftypes . . . . . . . . . . . . . . . . . . . 13
5.1. DANE . . . . . . . . . . . . . . . . . . . . . . . . . . 12 5.1. DANE . . . . . . . . . . . . . . . . . . . . . . . . . . 14
5.2. POSH . . . . . . . . . . . . . . . . . . . . . . . . . . 13 5.2. POSH . . . . . . . . . . . . . . . . . . . . . . . . . . 14
6. Secure Delegation and Multi-Tenancy . . . . . . . . . . . . . 13 6. Secure Delegation and Multi-Tenancy . . . . . . . . . . . . . 15
7. Prooftype Model . . . . . . . . . . . . . . . . . . . . . . . 14 7. Prooftype Model . . . . . . . . . . . . . . . . . . . . . . . 16
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
8.1. Well-Known URI for xmpp-client Service . . . . . . . . . 15 8.1. Well-Known URI for xmpp-client Service . . . . . . . . . 17
8.2. Well-Known URI for xmpp-server Service . . . . . . . . . 15 8.2. Well-Known URI for xmpp-server Service . . . . . . . . . 17
9. Security Considerations . . . . . . . . . . . . . . . . . . . 15 9. Security Considerations . . . . . . . . . . . . . . . . . . . 17
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 17
10.1. Normative References . . . . . . . . . . . . . . . . . . 16 10.1. Normative References . . . . . . . . . . . . . . . . . . 18
10.2. Informative References . . . . . . . . . . . . . . . . . 17 10.2. Informative References . . . . . . . . . . . . . . . . . 19
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 18 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20
1. Introduction 1. Introduction
In systems that use the Extensible Messaging and Presence Protocol In systems that use the Extensible Messaging and Presence Protocol
(XMPP) [RFC6120], it is important to establish a strong association (XMPP) [RFC6120], it is important to establish a strong association
between the DNS domain name of an XMPP service (e.g., example.com) between the DNS domain name of an XMPP service (e.g., example.com)
and the XML stream that a client or peer server initiates with that and the XML stream that a client or peer server initiates with that
service. In other words, the client or peer server needs to verify service. In other words, the client or peer server needs to verify
the identity of the server to which it connects. the identity of the server to which it connects. Additionally,
servers need to verify incoming connections from other servers.
To date, such verification has been established based on information To date, such verification has been established based on information
obtained from the Domain Name System (DNS), the Public Key obtained from the Domain Name System (DNS), the Public Key
Infrastructure (PKI), or similar sources. In relation to such Infrastructure (PKI), or similar sources. In relation to such
associations, this document does the following: associations, this document does the following:
1. Generalizes the model currently in use so that additional 1. Generalizes the model currently in use so that additional
prooftypes can be defined if needed. prooftypes can be defined if needed.
2. Provides a basis for modernizing some prooftypes to reflect 2. Provides a basis for modernizing some prooftypes to reflect
skipping to change at page 3, line 43 skipping to change at page 3, line 46
The terms "reference identity", and "presented identity" are used as The terms "reference identity", and "presented identity" are used as
defined in the "CertID" specification [RFC6125]. For the sake of defined in the "CertID" specification [RFC6125]. For the sake of
consistency with [I-D.ietf-dane-srv], this document uses the terms consistency with [I-D.ietf-dane-srv], this document uses the terms
"service domain name" and "target server host name" to refer to the "service domain name" and "target server host name" to refer to the
same entities identified by the terms "source domain" and "derived same entities identified by the terms "source domain" and "derived
domain" from [RFC6125]. domain" from [RFC6125].
3. Client-to-Server (C2S) DNA 3. Client-to-Server (C2S) DNA
The client-to-server case is much simpler than the server-to-server The client-to-server case is much simpler than the server-to-server
case because the client does not assert a domain name, the only case because the client does not assert a domain name, which means
domain name that needs to be verified is that of the server, etc. verification happens in only one direction. Therefore we describe
Therefore we describe this case first to help the reader understand this case first to help the reader understand domain name
domain name associations in XMPP. associations in XMPP.
3.1. C2S Flow 3.1. C2S Flow
The following flow chart illustrates the protocol flow for The following flow chart illustrates the protocol flow for
establishing a domain name association for an XML stream from a establishing a domain name association for an XML stream from a
client to a server using the standard PKIX prooftype specified in client (C) to a server (S) using the standard PKIX prooftype
[RFC6120]. specified in [RFC6120].
| |
DNS RESOLUTION ETC. DNS RESOLUTION ETC.
| |
+-----------------STREAM HEADERS---------------------+ +-----------------STREAM HEADERS---------------------+
| | | |
| A: <stream from='user@a.example' to='a.example'> | | C: <stream from='user@a.example' to='a.example'> |
| | | |
| B: <stream from='a.example' to='user@a.example'> | | S: <stream from='a.example' to='user@a.example'> |
| | | |
+----------------------------------------------------+ +----------------------------------------------------+
| |
+-----------------TLS NEGOTIATION--------------------+ +-----------------TLS NEGOTIATION--------------------+
| | | |
| B: Server Certificate | | S: Server Certificate |
| | | |
+----------------------------------------------------+ +----------------------------------------------------+
| |
(client establishes DNA for a.example) (client checks certificate and
establishes DNA for a.example)
| |
3.2. C2S Description 3.2. C2S Description
The simplified order of events (see [RFC6120] for details) in The simplified order of events (see [RFC6120] for details) in
establishing an XML stream from a client (user@a.exmaple) to a server establishing an XML stream from a client (user@a.exmaple) to a server
(a.example) is as follows: (a.example) is as follows:
1. The client resolves the DNS domain name a.example. 1. The client resolves via DNS the service _xmpp-
client._tcp.a.example.
2. The client opens a TCP connection to the resolved IP address. 2. The client opens a TCP connection to the resolved IP address.
3. The client sends an initial stream header to the server. 3. The client sends an initial stream header to the server:
<stream:stream from='user@a.example' to='a.example'> <stream:stream from='user@a.example' to='a.example'>
4. The server sends a response stream header to the client, 4. The server sends a response stream header to the client,
asserting that it is a.example: asserting that it is a.example:
<stream:stream from='a.example' to='user@a.example'> <stream:stream from='a.example' to='user@a.example'>
5. The parties attempt TLS negotiation, during which the XMPP server 5. The parties attempt TLS negotiation, during which the XMPP server
(acting as a TLS server) presents a PKIX certificate proving that (acting as a TLS server) presents a PKIX certificate proving that
it is a.example. it is a.example.
6. The client checks the PKIX certificate that the server provided; 6. The client checks the PKIX certificate that the server provided;
if the proof is consistent with the XMPP profile of the matching if the proof is consistent with the XMPP profile of the matching
rules from [RFC6125], the client accepts that there is a strong rules from [RFC6125] and the certificate is otherwise valid
according to [RFC5280], the client accepts that there is a strong
domain name association between its stream to the target server domain name association between its stream to the target server
and the DNS domain name of the XMPP service. and the DNS domain name of the XMPP service.
The certificate that the server presents might not be trusted by the
client. As one example, the server might be hosting multiple domains
and secure delegation as described in Section 6 is necessary. As
another example, the server might present a self-signed certificate,
which requires the client to apply either the fallback process
described in section 6.6.4 of [RFC6125] or prompt the user to accept
an unauthenticated connection as described in [I-D.ietf-uta-xmpp].
4. Server-to-Server (S2S) DNA 4. Server-to-Server (S2S) DNA
The server-to-server case is significantly more complex than the The server-to-server case is significantly more complex than the
client-to-server case, and involves checking of domain name client-to-server case, and involves checking of domain name
associations in both directions along with other "wrinkles" described associations in both directions along with other "wrinkles" described
in the following sections. in the following sections.
4.1. S2S Flow Chart 4.1. S2S Flow
The following flow chart illustrates the protocol flow for The following flow chart illustrates the protocol flow for
establishing domain name associations between Server 1 and Server 2, establishing domain name associations between Server A (the
as described in the remaining sections of this document. initiating entity) and Server B (the receiving entity), as described
in the remaining sections of this document.
| |
(Section 4.2: A Simple Scenario) (A Simple S2S Scenario)
| |
DNS RESOLUTION ETC. DNS RESOLUTION ETC.
| |
+-------------STREAM HEADERS--------------------+ +-------------STREAM HEADERS--------------------+
| | | |
| A: <stream from='a.example' to='b.example'> | | A: <stream from='a.example' to='b.example'> |
| | | |
| B: <stream from='b.example' to='a.example'> | | B: <stream from='b.example' to='a.example'> |
| | | |
+-----------------------------------------------+ +-----------------------------------------------+
| |
+-------------TLS NEGOTIATION-------------------+ +-------------TLS NEGOTIATION-------------------+
| | | |
| B: Server Certificate | | B: Server Certificate |
| [B: Certificate Request] | | B: Certificate Request |
| [A: Client Certificate] | | A: Client Certificate |
| | | |
+-----------------------------------------------+ +-----------------------------------------------+
| |
(A establishes DNA for b.example) (A establishes DNA for b.example)
| |
+-------------AUTHENTICATION--------------------+ +-------------AUTHENTICATION--------------------+
| | | | | |
| {client certificate?} ----+ | | {valid client certificate?} --+ |
| | | | | | | |
| | yes no | | | | yes no | |
| v | | | v | |
| SASL EXTERNAL | | | SASL EXTERNAL | |
| (mutual auth!) | | | (mutual auth!) | |
+------------------------------------|----------+ | (B establishes DNA for a.example) | |
| +-------------------------------------|---------+
+----------------+ |
| B needs to auth A +-----------------+
| B needs to establish DNA
| for this stream from a.example,
| so A asserts its identity
| |
+----------DIALBACK IDENTITY ASSERTION----------+
| |
| A: <db:result from='a.example' |
| to='b.example'> |
| some-dialback-key |
| </db:result> |
| |
+-----------------------------------------------+
| |
(Section 4.3: One-Way Authentication) (Section 4.3: One-Way Authentication)
| |
DNS RESOLUTION ETC. DNS RESOLUTION ETC.
| |
+-------------STREAM HEADERS--------------------+ +-------------STREAM HEADERS--------------------+
| | | |
| B: <stream from='b.example' to='a.example'> | | B: <stream from='b.example' to='a.example'> |
| | | |
| A: <stream from='a.example' to='b.example'> | | A: <stream from='a.example' to='b.example'> |
| | | |
+-----------------------------------------------+ +-----------------------------------------------+
| |
+-------------TLS NEGOTIATION-------------------+ +-------------TLS NEGOTIATION-------------------+
| | | |
| A: Server Certificate | | A: Server Certificate |
| | | |
+-----------------------------------------------+ +-----------------------------------------------+
| |
(B establishes DNA for a.example) +----------DIALBACK IDENTITY VERIFICATION-------+
| |
| B: <db:verify from='b.example' |
| to='a.example' |
| id='...'> |
| some-dialback-key |
| </db:verify> |
| |
| A: <db:verify from='a.example' |
| to='b.example' |
| type='valid' |
| id='...'> |
| |
+-----------------------------------------------+
|
(B establishes DNA for a.example)
| |
| |
(Section 4.4.1: Piggybacking Assertion) (Section 4.4.1: Piggybacking Assertion)
| |
+----------DIALBACK IDENTITY ASSERTION----------+ +----------DIALBACK IDENTITY ASSERTION----------+
| | | |
| B: <db:result from='c.example' | | B: <db:result from='c.example' |
| to='a.example'/> | | to='a.example'/> |
| | | |
+-----------------------------------------------+ +-----------------------------------------------+
skipping to change at page 7, line 49 skipping to change at page 8, line 38
| to='c.example' | | to='c.example' |
| type='valid'/> | | type='valid'/> |
| | | |
+-----------------------------------------------+ +-----------------------------------------------+
| |
4.2. A Simple S2S Scenario 4.2. A Simple S2S Scenario
To illustrate the problem, consider the simplified order of events To illustrate the problem, consider the simplified order of events
(see [RFC6120] for details) in establishing an XML stream between (see [RFC6120] for details) in establishing an XML stream between
Server 1 (a.example) and Server 2 (b.example): Server A (a.example) and Server B (b.example):
1. Server 1 resolves the DNS domain name b.example. 1. Server A resolves via DNS the service _xmpp-
server._tcp.b.example.
2. Server 1 opens a TCP connection to the resolved IP address. 2. Server A opens a TCP connection to the resolved IP address.
3. Server 1 sends an initial stream header to Server 2, asserting 3. Server A sends an initial stream header to Server B, asserting
that it is a.example: that it is a.example:
<stream:stream from='a.example' to='b.example'> <stream:stream from='a.example' to='b.example'>
4. Server 2 sends a response stream header to Server 1, asserting 4. Server B sends a response stream header to Server A, asserting
that it is b.example: that it is b.example:
<stream:stream from='b.example' to='a.example'> <stream:stream from='b.example' to='a.example'>
5. The servers attempt TLS negotiation, during which Server 2 5. The servers attempt TLS negotiation, during which Server B
(acting as a TLS server) presents a PKIX certificate proving that (acting as a TLS server) presents a PKIX certificate proving that
it is b.example and Server 1 (acting as a TLS client) presents a it is b.example and Server A (acting as a TLS client) presents a
PKIX certificate proving that it is a.example. PKIX certificate proving that it is a.example.
6. Server 1 checks the PKIX certificate that Server 2 provided and 6. Server A checks the PKIX certificate that Server B provided and
Server 2 checks the PKIX certificate that Server 1 provided; if Server B checks the PKIX certificate that Server A provided; if
these proofs are consistent with the XMPP profile of the matching these proofs are consistent with the XMPP profile of the matching
rules from [RFC6125], each server accepts that there is a strong rules from [RFC6125] and is otherwise valid according to
domain name association between its stream to the other party and [RFC5280], each server accepts that there is a strong domain name
the DNS domain name of the other party. association between its stream to the other party and the DNS
domain name of the other party.
Several simplifying assumptions underlie the happy scenario just Several simplifying assumptions underlie the happy scenario just
outlined: outlined:
o Server 1 presents a PKIX certificate during TLS negotiation, which o The PKIX certificate presented by Server B during TLS negotiation
enables the parties to complete mutual authentication. is trusted by Server A and matches the expected identity.
o There are no additional domains associated with Server 1 and o The PKIX certificate presented by Server A during TLS negotiation
Server 2 (say, a subdomain rooms.a.example on Server 1 or a second is trusted by Server B, which enables the parties to complete
domain c.example on Server 2). mutual authentication.
o The server administrators are able to obtain PKIX certificates in o There are no additional domains associated with Server A and
the first place. Server B (say, a subdomain rooms.a.example on Server A or a second
domain c.example on Server B).
o The server administrators are able to obtain PKIX certificates
issued by a widely-accepted certificate authority (CA) in the
first place.
o The server administrators are running their own XMPP servers, o The server administrators are running their own XMPP servers,
rather than using hosting services. rather than using hosting services.
Let's consider each of these "wrinkles" in turn. Let's consider each of these "wrinkles" in turn. Since Server A is
acting as a S2S client the behaviour is same as in the C2S case
described in Section 3.2.
4.3. One-Way Authentication 4.3. One-Way Authentication
If Server 1 does not present its PKIX certificate during TLS If the PKIX certificate presented by Server A during TLS negotiation
negotiation (perhaps because it wishes to verify the identity of is not trusted by Server B, Server B is unable to mutually
Server 2 before presenting its own credentials), Server 2 is unable authenticate Server A. Therefore, Server B needs to verify the
to mutually authenticate Server 1. Therefore, Server 2 needs to asserted identity of Server A by other means.
negotiate and authenticate a stream to Server 1, just as Server 1 has
done:
1. Server 2 resolves the DNS domain name a.example. 1. Server A asserts it is a.example using the Server Dialback
protocol:
2. Server 2 opens a TCP connection to the resolved IP address. <db:result from='a.example' to='b.example' id='...'>some-
dialback-key</db:result>
3. Server 2 sends an initial stream header to Server 1, asserting 2. Server B resolves via DNS the service _xmpp-
server._tcp.a.example.
3. Server B opens a TCP connection to the resolved IP address.
4. Server B sends an initial stream header to Server A, asserting
that it is b.example: that it is b.example:
<stream:stream from='b.example' to='a.example'> <stream:stream from='b.example' to='a.example'>
4. Server 1 sends a response stream header to Server 2, asserting 5. Server A sends a response stream header to Server B, asserting
that it is a.example: that it is a.example:
<stream:stream from='a.example' to='b.example'> <stream:stream from='a.example' to='b.example'>
5. The servers attempt TLS negotiation, during which Server 1 6. The servers attempt TLS negotiation, during which Server A
(acting as a TLS server) presents a PKIX certificate proving that (acting as a TLS server) presents a PKIX certificate proving that
it is a.example. it is a.example.
6. Server 2 checks the PKIX certificate that Server 1 provided; if 7. Server B checks the PKIX certificate that Server A provided.
it is consistent with the XMPP profile [RFC6120] of the matching This might be the same certificate presented by Server A as a
rules from [RFC6125], Server 2 accepts that there is a strong client certificate in the initial connection. Even if this
domain name association between its stream to Server 1 and the certificate is not signed by a trusted CA (for example it could
DNS domain name a.example. be self-signed) Server B can verify that there is an association
between the incoming connection and the domain name a.example.
Note that this may be insecure unless DNSSEC [RFC4033] is used.
8. If the certificate provided by Server A is different from the one
presented in the initial connection, Server B proceeds with
Server Dialback in order to establish the domain name
association. In order to do this it sends a request for
verification as described in [XEP-0220]:
<db:verify from='b.example' to='a.example' id='...'>some-
dialback-key</db:verify>
9. Server A responds to this:
<db:verify from='a.example' to='b.example' id='...' type='valid/>
allowing Server B to establish the domain name association.
At this point the servers are using two TCP connections instead of At this point the servers are using two TCP connections instead of
one, which is somewhat wasteful. However, there are ways to tie the one, which is somewhat wasteful. However, there are ways to tie the
authentication achieved on the second TCP connection to the first TCP authentication achieved on the second TCP connection to the first TCP
connection; see [XEP-0288] for further discussion. connection; see [XEP-0288] for further discussion.
4.4. Piggybacking 4.4. Piggybacking
4.4.1. Assertion 4.4.1. Assertion
Consider the common scenario in which Server 2 hosts not only Consider the common scenario in which Server B hosts not only
b.example but also a second domain c.example (a "multi-tenanted" b.example but also a second domain c.example (often called a "multi-
environment). If a user of Server 2 associated with c.example wishes tenanted" environment). If a user of Server B associated with
to communicate with a friend at a.example, Server 2 needs to send c.example wishes to communicate with a friend at a.example, Server B
XMPP stanzas from the domain c.example rather than b.example. needs to send XMPP stanzas from the domain c.example rather than
Although Server 2 could open an new TCP connection and negotiate new b.example. Although Server B could open a new TCP connection and
XML streams for the domain pair of c.example and a.example, that too negotiate new XML streams for the domain pair of c.example and
is wasteful. Server 2 already has a connection to a.example, so how a.example, that too is wasteful (especially if Server B hosts a large
can it assert that it would like to add a new domain pair to the number of domains). Server B already has a connection to a.example,
existing connection? so how can it assert that it would like to add a new domain pair to
the existing connection?
The traditional method for doing so is the Server Dialback protocol, The traditional method for doing so is the Server Dialback protocol,
first specified in [RFC3920] and since moved to [XEP-0220]. Here, first specified in (the now obsolete) [RFC3920] and since moved to
Server 2 can send a <db:result/> element for the new domain pair over [XEP-0220]. Here, Server B can send a <db:result/> element for the
the existing stream. new domain pair over the existing stream.
<db:result from='c.example' to='a.example'> <db:result from='c.example' to='a.example'>
some-dialback-key some-dialback-key
</db:result> </db:result>
This element functions as Server 2's assertion that it is (also) This element functions as Server B's assertion that it is (also)
c.example, and thus is functionally equivalent to the 'from' address c.example, and thus is functionally equivalent to the 'from' address
of an initial stream header as previously described. of an initial stream header as previously described.
In response to this assertion, Server 1 needs to obtain some kind of In response to this assertion, Server A needs to obtain some kind of
proof that Server 2 really is also c.example. It can do the same proof that Server B really is also c.example. If the certificate
thing that it did before: presented by Server B is also valid for c.example then no further
action is necessary. However, if not then Server A needs to do a bit
more work. Specifically, Server A can pursue the same strategy it
used before:
1. Server 1 resolves the DNS domain name c.example. 1. Server A resolves via DNS the service _xmpp-
server._tcp.c.example.
2. Server 1 opens a TCP connection to the resolved IP address (which 2. Server A opens a TCP connection to the resolved IP address (which
might be the same IP address as for b.example). might be the same IP address as for b.example).
3. Server 1 sends an initial stream header to Server 2, asserting 3. Server A sends an initial stream header to Server B, asserting
that it is a.example: that it is a.example:
<stream:stream from='a.example' to='c.example'> <stream:stream from='a.example' to='c.example'>
4. Server 2 sends a response stream header to Server 1, asserting 4. Server B sends a response stream header to Server A, asserting
that it is c.example: that it is c.example:
<stream:stream from='c.example' to='a.example'> <stream:stream from='c.example' to='a.example'>
5. The servers attempt TLS negotiation, during which Server 2 5. The servers attempt TLS negotiation, during which Server B
(acting as a TLS server) presents a PKIX certificate proving that (acting as a TLS server) presents a PKIX certificate proving that
it is c.example. it is c.example.
6. Server 1 checks the PKIX certificate that Server 2 provided; if 6. At this point, Server A needs to establish that, despite
it is consistent with the XMPP profile [RFC6120] of the matching different certificates, c.example is associated with the origin
rules from [RFC6125], Server 1 accepts that there is a strong of the request. This is done using Server Dialback [XEP-0220]:
domain name association between its stream to Server 2 and the
DNS domain name c.example.
Now that Server 1 accepts the domain name association, it informs
Server 2 of that fact:
<db:result from='a.example' to='c.example' type='valid'/> <db:verify from='a.example' to='c.example' id='...'>some-
dialback-key</db:verify>
The parties can then terminate the second connection, since it was 7. Server B responds to this:
used only for Server 1 to associate a stream over the same IP:port
combination with the domain name c.example (the dialback key links
the original stream to the new association).
4.4.2. Supposition <db:verify from='c.example' to='a.example' id='...' type='valid/>
Piggybacking can also occur in the other direction. Consider the allowing Server A to establish the domain name association.
common scenario in which Server 1 provides XMPP services not only for
a.example but also for a subdomain such as a groupchat service at
rooms.a.example (see [XEP-0045]). If a user from c.example at Server
2 wishes to join a room on the groupchat sevice, Server 2 needs to
send XMPP stanzas from the domain c.example to the domain
rooms.a.example rather than a.example. Therefore, Server 2 needs to
negotiate and authenticate a stream to rooms.a.example:
1. Server 2 resolves the DNS domain name rooms.a.example. Now that Server A accepts the domain name association, it informs
Server B of that fact:
2. Server 2 opens a TCP connection to the resolved IP address. <db:result from='a.example' to='c.example' type='valid'/>
3. Server 2 sends an initial stream header to Server 1 acting as The parties can then terminate the second connection, since it was
rooms.a.example, asserting that it is b.example: used only for Server A to associate a stream with the domain name
c.example (the dialback key links the original stream to the new
association).
<stream:stream from='b.example' to='rooms.a.example'> 4.4.2. Supposition
4. Server 1 sends a response stream header to Server 2, asserting Piggybacking can also occur in the other direction. Consider the
that it is rooms.a.example: common scenario in which Server A provides XMPP services not only for
a.example but also for a subdomain such as a groupchat service (e.g.,
Multi-User Chat [XEP-0045]) at rooms.a.example. If a user from
c.example at Server B wishes to join a room on the groupchat sevice,
Server B needs to send XMPP stanzas from the domain c.example to the
domain rooms.a.example rather than a.example. First, Server B needs
to determine whether it can piggyback the domain rooms.a.example on
the connection to a.example:
<stream:stream from='rooms.a.example' to='b.example'> 1. Server B resolves vua DNS the service _xmpp-
server._tcp.rooms.a.example.
5. The servers attempt TLS negotiation, during which Server 1 2. Server B determines this resolves to an IP address and port that
(acting as a TLS server) presents a PKIX certificate proving that it is already connected to.
it is rooms.a.example.
6. Server 2 checks the PKIX certificate that Server 1 provided; if 3. Server B determines that the PKIX certificate for that active
it is consistent with the XMPP profile [RFC6120] of the matching connection would also be valid for the rooms.a.example domain and
rules from [RFC6125], Server 2 accepts that there is a strong that Server A has announced support for dialback errors.
domain name association between its stream to Server 1 and the
DNS domain name rooms.a.example.
As before, the parties now have two TCP connections open. So that Server B sends a dialback key to Server A over the existing
they can close the now-redundant connection, Server 2 sends a connection.
dialback key to Server 1 over the new connection.
<db:result from='c.example' to='rooms.a.example'> <db:result from='c.example' to='rooms.a.example'>
some-dialback-key some-dialback-key
</db:result> </db:result>
Server 1 then informs Server 2 that it accepts the domain name Server A then informs Server B that it accepts the domain name
association: association:
<db:result from='rooms.a.example' to='c.example' type='valid'/> <db:result from='rooms.a.example' to='c.example' type='valid'/>
Server 2 can now close the connection over which it tested the domain
name association for rooms.a.example.
5. Alternative Prooftypes 5. Alternative Prooftypes
The foregoing protocol flows assumed that domain name associations The foregoing protocol flows assumed that domain name associations
were proved using the standard PKI prooftype specified in [RFC6120]: were proved using the PKI prooftype specified in [RFC6120]: that is,
that is, the server's proof consists of a PKIX certificate that is the server's proof consists of a PKIX certificate that is checked
checked according to the XMPP profile [RFC6120] of the matching rules according to the XMPP profile [RFC6120] of the matching rules from
from [RFC6125], the client's verification material is obtained out of [RFC6125] (and the overall validation rules from [RFC5280]), the
band in the form of a trusted root, and secure DNS is not necessary. client's verification material is obtained out of band in the form of
a trusted root, and secure DNS is not necessary.
However, sometimes XMPP server administrators are unable or unwilling However, sometimes XMPP server administrators are unable or unwilling
to obtain valid PKIX certificates for their servers. As one example, to obtain valid PKIX certificates for all of the domains they host at
in order to issue a PKIX certificate a certification authority (CA) their servers. For example:
might try to send email messages to authoritative mailbox names
[RFC2142], but the administrator of a subsidiary service such as o In order to issue a PKIX certificate, a CA might try to send email
im.cs.podunk.example cannot receive email sent to messages to authoritative mailbox names [RFC2142], but the
mailto:hostmaster@podunk.example. As another example, a hosting administrator of a subsidiary service such as im.cs.podunk.example
provider such as hosting.example.net might not want to take on the cannot receive email sent to mailto:hostmaster@podunk.example.
liability of holding the certificate and private key for a tenant
such as example.com (or the tenant might not want the hosting o A hosting provider such as hosting.example.net might not want to
provider to hold its certificate and private key). In these take on the liability of holding the certificate and private key
circumstances, prooftypes other than PKIX are desirable. As for a tenant such as example.com (or the tenant might not want the
described below, two alternatives have been defined so far: DNS-Based hosting provider to hold its certificate and private key).
Authentication of Named Entities (DANE) and PKIX Over Secure HTTP
(POSH). o Even if PKIX certificates for each tenant can be obtained, the
management of so many certificates can introduce a large
administrative load.
(Additional discussion can be found in [I-D.ietf-xmpp-posh].)
In these circumstances, prooftypes other than PKIX are desirable or
necessary. As described below, two alternatives have been defined so
far: DNS-Based Authentication of Named Entities (DANE) and PKIX Over
Secure HTTP (POSH).
5.1. DANE 5.1. DANE
In the DANE prooftype, the server's proof consists of either a The DANE prooftype can be defined as follows:
service certificate or domain-issued certificate (TLSA usage PKIX-EE
or DANE-EE, see [RFC6698] and [RFC7218]) that is compared as an exact 1. The server's proof consists of either a service certificate or
match or a hash of either the SubjectPublicKeyInfo or the full domain-issued certificate (TLSA usage PKIX-EE or DANE-EE, see
certificate, and the client's verification material is obtained via [RFC6698] and [RFC7218]).
secure DNS.
2. The proof is checked by verifying an exact match or a hash of
either the SubjectPublicKeyInfo or the full certificate.
3. The client's verification material is obtained via secure DNS as
described in [I-D.ietf-dane-srv].
4. Secure DNS is necessary in order to effectively establish an
alternative chain of trust from the service certificate or
domain-issued certificate to the DNS root.
The DANE prooftype makes use of the DNS-Based Authentication of Named The DANE prooftype makes use of the DNS-Based Authentication of Named
Entities [RFC6698], specifically the use of DANE with DNS SRV records Entities [RFC6698], specifically the use of DANE with DNS SRV records
[I-D.ietf-dane-srv]. For XMPP purposes, the following rules apply: [I-D.ietf-dane-srv]. For XMPP purposes, the following rules apply:
o If there is no SRV resource record, pursue the fallback methods o If there is no SRV resource record, pursue the fallback methods
described in [RFC6120]. described in [RFC6120].
o Use the 'to' address of the initial stream header to determine the o Use the 'to' address of the initial stream header to determine the
domain name of the TLS client's reference identifier (since use of domain name of the TLS client's reference identifier (since use of
the TLS Server Name Indication is purely discretionary in XMPP, as the Server Name Indication extension (TLS SNI) [RFC6066] is purely
mentioned in [RFC6120]). discretionary in XMPP, as mentioned in [RFC6120]).
5.2. POSH 5.2. POSH
In the POSH prooftype, the server's proof consists of a PKIX The POSH prooftype can be defined as follows:
certificate that is checked according to the rules from [RFC6120] and
[RFC6125], the client's verification material is obtained by 1. The server's proof consists of a PKIX certificate.
retrieving the PKIX certificate over HTTPS at a well-known URI
[RFC5785], and secure DNS is not necessary since the HTTPS retrieval 2. The proof is checked according to the rules from [RFC6120] and
mechanism relies on the chain of trust from the public key [RFC6125].
infrastructure.
3. The client's verification material is obtained by retrieving a
hash of the PKIX certificate over HTTPS at a well-known URI
[RFC5785].
4. Secure DNS is not necessary since the HTTPS retrieval mechanism
relies on the chain of trust from the public key infrastructure.
POSH is defined in [I-D.ietf-xmpp-posh]. For XMPP purposes, the POSH is defined in [I-D.ietf-xmpp-posh]. For XMPP purposes, the
following rules apply: following rules apply:
o If no verification materials are found via POSH, pursue the o If no verification materials are found via POSH, pursue the
fallback methods described in [RFC6120]. fallback methods described in [RFC6120].
o Use the 'to' address of the initial stream header to determine the o Use the 'to' address of the initial stream header to determine the
domain name of the TLS client's reference identifier (since use of domain name of the TLS client's reference identifier (since use of
the TLS Server Name Indication is purely discretionary in XMPP, as the Server Name Indication extension (TLS SNI) [RFC6066] is purely
mentioned in [RFC6120]). discretionary in XMPP, as mentioned in [RFC6120]).
The well-known URIs [RFC5785] to be used for POSH are: The well-known URIs [RFC5785] to be used for POSH are:
o "/.well-known/posh._xmpp-client._tcp.json" for client-to-server o "/.well-known/posh._xmpp-client._tcp.json" for client-to-server
connections connections
o "/.well-known/posh._xmpp-server._tcp.json" for server-to-server o "/.well-known/posh._xmpp-server._tcp.json" for server-to-server
connections connections
6. Secure Delegation and Multi-Tenancy 6. Secure Delegation and Multi-Tenancy
One common method for deploying XMPP services is multi-tenancy: e.g., One common method for deploying XMPP services is multi-tenancy: e.g.,
the XMPP service for example.com is actually hosted at XMPP services for the service domain example.com are actually hosted
hosting.example.net. Such an arrangement is relatively convenient in at the target server hosting.example.net. Such an arrangement is
XMPP given the use of DNS SRV records [RFC2782], such as the relatively convenient in XMPP given the use of DNS SRV records
following delegation from example.com to hosting.example.net: [RFC2782], such as the following delegation from example.com to
hosting.example.net:
_xmpp-server._tcp.example.com. 0 IN SRV 0 0 5269 hosting.example.net _xmpp-server._tcp.example.com. 0 IN SRV 0 0 5269 hosting.example.net
Secure connections with multi-tenancy can work using the PKIX Secure connections with multi-tenancy can work using the PKIX
prooftype on a small scale if the provider itself wishes to host prooftype on a small scale if the provider itself wishes to host
several domains (e.g., several related domains such as jabber- several domains (e.g., related domains such as jabber-de.example and
de.example and jabber-ch.example). However, in practice the security jabber-ch.example). However, in practice the security of multi-
of multi-tenancy has been found to be unwieldy when the provider tenancy has been found to be unwieldy when the provider hosts large
hosts large numbers of XMPP services on behalf of multiple tenants numbers of XMPP services on behalf of multiple tenants (see
(see [I-D.ietf-xmpp-posh] for a detailed description). Typically [I-D.ietf-xmpp-posh] for a detailed description). Typically there
there are two main reasons for this state of affairs: the service are two main reasons for this state of affairs: the service provider
provider (say, hosting.example.net) wishes to limit its liability and (say, hosting.example.net) wishes to limit its liability and
therefore does not wish to hold the certificate and private key for therefore does not wish to hold the certificate and private key for
the tenant (say, example.com) and the tenant wishes to improve the the tenant (say, example.com) and the tenant wishes to improve the
security of the service and therefore does not wish to share its security of the service and therefore does not wish to share its
certificate and private key with service provider. As a result, certificate and private key with the service provider. As a result,
server-to-server communications to example.com go unencrypted or the server-to-server communications to example.com go unencrypted or the
communications are TLS-encrypted but the certificates are not checked communications are TLS-encrypted but the certificates are not checked
(which is functionally equivalent to a connection using an anonymous (which is functionally equivalent to a connection using an anonymous
key exchange). This is also true of client-to-server communications, key exchange). This is also true of client-to-server communications,
forcing end users to override certificate warnings or configure their forcing end users to override certificate warnings or configure their
clients to accept certificates for hosting.example.net instead of clients to accept or "pin" certificates for hosting.example.net
example.com. The fundamental problem here is that if DNSSEC is not instead of example.com. The fundamental problem here is that if
used then the act of delegation via DNS SRV records is inherently DNSSEC is not used then the act of delegation via DNS SRV records is
insecure. inherently insecure.
The specification for use of SRV records with DANE The specification for use of SRV records with DANE
[I-D.ietf-dane-srv] explains how to use DNSSEC for secure delegation [I-D.ietf-dane-srv] explains how to use DNSSEC for secure delegation
with the DANE prooftype, and the POSH specification with the DANE prooftype, and the POSH specification
[I-D.ietf-xmpp-posh] explains how to use HTTPS redirects for secure [I-D.ietf-xmpp-posh] explains how to use HTTPS redirects for secure
delegation with the POSH prooftype. delegation with the POSH prooftype.
7. Prooftype Model 7. Prooftype Model
In general, a domain name association (DNA) prooftype conforms to the In general, a domain name association (DNA) prooftype conforms to the
skipping to change at page 15, line 6 skipping to change at page 16, line 50
Other prooftypes are possible; examples might include TLS with PGP Other prooftypes are possible; examples might include TLS with PGP
keys [RFC6091], a token mechanism such as Kerberos [RFC4120] or OAuth keys [RFC6091], a token mechanism such as Kerberos [RFC4120] or OAuth
[RFC6749], and Server Dialback keys [XEP-0220]. [RFC6749], and Server Dialback keys [XEP-0220].
Although the PKIX prooftype reuses the syntax of the XMPP Server Although the PKIX prooftype reuses the syntax of the XMPP Server
Dialback protocol [XEP-0220] for signalling between servers, this Dialback protocol [XEP-0220] for signalling between servers, this
framework document does not define how the generation and validation framework document does not define how the generation and validation
of Server Dialback keys (also specified in [XEP-0220]) is a DNA of Server Dialback keys (also specified in [XEP-0220]) is a DNA
prooftype. However, nothing in this document prevents the continued prooftype. However, nothing in this document prevents the continued
use of server dialback, and a future specification (or an updated use of Server Dialback for signaling, and a future specification (or
version of [XEP-0220]) might define a DNA prooftype for dialback in a an updated version of [XEP-0220]) might define a DNA prooftype for
way that is consistent with this framework. However, nothing in this Server Dialback keys in a way that is consistent with this framework.
document prevents the continued use of Server Dialback on the XMPP
network.
8. IANA Considerations 8. IANA Considerations
The POSH specification [I-D.ietf-xmpp-posh] provides guidelines for The POSH specification [I-D.ietf-xmpp-posh] provides guidelines for
registering the well-known URIs [RFC5785] of protocols that make use registering the well-known URIs [RFC5785] of protocols that make use
of POSH. This specification registers two such URIs, for which the of POSH. This specification registers two such URIs, for which the
completed registration templates follow. completed registration templates follow.
8.1. Well-Known URI for xmpp-client Service 8.1. Well-Known URI for xmpp-client Service
This specification registers the well-known URI "posh._xmpp- This specification registers "posh._xmpp-client._tcp.json" in the
client._tcp.json" in the Well-Known URI Registry as defined by Well-Known URI Registry as defined by [RFC5785].
[RFC5785].
URI suffix: posh._xmpp-client._tcp.json URI suffix: posh._xmpp-client._tcp.json
Change controller: IETF Change controller: IETF
Specification document(s): [[ this document ]] Specification document(s): [[ this document ]]
8.2. Well-Known URI for xmpp-server Service 8.2. Well-Known URI for xmpp-server Service
This specification registers the well-known URI "posh._xmpp- This specification registers "posh._xmpp-server._tcp.json" in the
server._tcp.json" in the Well-Known URI Registry as defined by Well-Known URI Registry as defined by [RFC5785].
[RFC5785].
URI suffix: posh._xmpp-server._tcp.json URI suffix: posh._xmpp-server._tcp.json
Change controller: IETF Change controller: IETF
Specification document(s): [[ this document ]] Specification document(s): [[ this document ]]
9. Security Considerations 9. Security Considerations
This document supplements but does not supersede the security With regard to the PKIX prooftype, this document supplements but does
considerations of [RFC6120] and [RFC6125]. Relevant security not supersede the security considerations of [RFC6120] and [RFC6125].
considerations can also be found in [I-D.ietf-dane-srv] and
[I-D.ietf-xmpp-posh].
10. References With regard to the DANE and PKIX prooftypes, the reader is referred
to [I-D.ietf-dane-srv] and [I-D.ietf-xmpp-posh], respectively.
Any future prooftypes need to thoroughly describe how they conform to
the prooftype model specified in Section 7 of this document.
10. References
10.1. Normative References 10.1. Normative References
[I-D.ietf-dane-srv] [I-D.ietf-dane-srv]
Finch, T., Miller, M., and P. Saint-Andre, "Using DNS- Finch, T., Miller, M., and P. Saint-Andre, "Using DNS-
Based Authentication of Named Entities (DANE) TLSA records Based Authentication of Named Entities (DANE) TLSA Records
with SRV and MX records.", draft-ietf-dane-srv-08 (work in with SRV Records", draft-ietf-dane-srv-06 (work in
progress), October 2014. progress), June 2014.
[I-D.ietf-xmpp-posh] [I-D.ietf-xmpp-posh]
Miller, M. and P. Saint-Andre, "PKIX over Secure HTTP Miller, M. and P. Saint-Andre, "PKIX over Secure HTTP
(POSH)", draft-ietf-xmpp-posh-02 (work in progress), (POSH)", draft-ietf-xmpp-posh-03 (work in progress),
October 2014. January 2015.
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987. STD 13, RFC 1034, November 1987.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782, specifying the location of services (DNS SRV)", RFC 2782,
February 2000. February 2000.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements", RFC Rose, "DNS Security Introduction and Requirements", RFC
4033, May 2005. 4033, March 2005.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC
4949, August 2007. 4949, August 2007.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008. (CRL) Profile", RFC 5280, May 2008.
[RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known [RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known
skipping to change at page 17, line 21 skipping to change at page 19, line 15
[RFC6698] Hoffman, P. and J. Schlyter, "The DNS-Based Authentication [RFC6698] Hoffman, P. and J. Schlyter, "The DNS-Based Authentication
of Named Entities (DANE) Transport Layer Security (TLS) of Named Entities (DANE) Transport Layer Security (TLS)
Protocol: TLSA", RFC 6698, August 2012. Protocol: TLSA", RFC 6698, August 2012.
[RFC7218] Gudmundsson, O., "Adding Acronyms to Simplify [RFC7218] Gudmundsson, O., "Adding Acronyms to Simplify
Conversations about DNS-Based Authentication of Named Conversations about DNS-Based Authentication of Named
Entities (DANE)", RFC 7218, April 2014. Entities (DANE)", RFC 7218, April 2014.
[XEP-0220] [XEP-0220]
Miller, J., Saint-Andre, P., and P. Hancke, "Server Miller, J., Saint-Andre, P., and P. Hancke, "Server
Dialback", XSF XEP 0220, September 2013. Dialback", XSF XEP 0220, August 2014.
10.2. Informative References 10.2. Informative References
[I-D.ietf-uta-xmpp]
Saint-Andre, P. and a. alkemade, "Use of Transport Layer
Security (TLS) in the Extensible Messaging and Presence
Protocol (XMPP)", draft-ietf-uta-xmpp-05 (work in
progress), January 2015.
[RFC2142] Crocker, D., "MAILBOX NAMES FOR COMMON SERVICES, ROLES AND [RFC2142] Crocker, D., "MAILBOX NAMES FOR COMMON SERVICES, ROLES AND
FUNCTIONS", RFC 2142, May 1997. FUNCTIONS", RFC 2142, May 1997.
[RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence [RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence
Protocol (XMPP): Core", RFC 3920, October 2004. Protocol (XMPP): Core", RFC 3920, October 2004.
[RFC4120] Neuman, C., Yu, T., Hartman, S., and K. Raeburn, "The [RFC4120] Neuman, C., Yu, T., Hartman, S., and K. Raeburn, "The
Kerberos Network Authentication Service (V5)", RFC 4120, Kerberos Network Authentication Service (V5)", RFC 4120,
July 2005. July 2005.
[RFC6066] Eastlake, D., "Transport Layer Security (TLS) Extensions:
Extension Definitions", RFC 6066, January 2011.
[RFC6091] Mavrogiannopoulos, N. and D. Gillmor, "Using OpenPGP Keys [RFC6091] Mavrogiannopoulos, N. and D. Gillmor, "Using OpenPGP Keys
for Transport Layer Security (TLS) Authentication", RFC for Transport Layer Security (TLS) Authentication", RFC
6091, February 2011. 6091, February 2011.
[RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC [RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC
6749, October 2012. 6749, October 2012.
[XEP-0045] [XEP-0045]
Saint-Andre, P., "Multi-User Chat", XSF XEP 0045, February Saint-Andre, P., "Multi-User Chat", XSF XEP 0045, February
2012. 2012.
[XEP-0288] [XEP-0288]
Hancke, P. and D. Cridland, "Bidirectional Server-to- Hancke, P. and D. Cridland, "Bidirectional Server-to-
Server Connections", XSF XEP 0288, September 2013. Server Connections", XSF XEP 0288, September 2013.
Appendix A. Acknowledgements Appendix A. Acknowledgements
Thanks to Philipp Hancke for his feedback. Thanks to Richard Barnes, Stephen Farrell, and Jonas Lindberg for
contributing to earlier versions of this document.
Authors' Addresses Authors' Addresses
Peter Saint-Andre Peter Saint-Andre
&yet &yet
Email: peter@andyet.com Email: peter@andyet.com
URI: https://andyet.com/ URI: https://andyet.com/
Matthew Miller Matthew Miller
Cisco Systems, Inc. Cisco Systems, Inc.
1899 Wynkoop Street, Suite 600 1899 Wynkoop Street, Suite 600
Denver, CO 80202 Denver, CO 80202
USA USA
Email: mamille2@cisco.com Email: mamille2@cisco.com
Philipp Hancke
&yet
Email: fippo@andyet.com
URI: https://andyet.com/
 End of changes. 95 change blocks. 
240 lines changed or deleted 342 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/