PROTO Shepherd Writeup for draft-ietf-xmpp-dna
Shepherd writeup for draft-ietf-xmpp-dna-10
The document shepherd is Dave Cridland.
The responsible Area Director is Ben Campbell.
This document defines the XMPP Domain Name Association (DNA) framework. The
abstract states the document does two things to improve security in XMPP:
"First, it specifies how to
establish a strong association between a domain name and an XML
stream, using the concept of "prooftypes". Second, it describes how
to securely delegate a service domain name (e.g., example.com) to a
target server host name (e.g., hosting.example.net) [...]"
Overall, the document establishes a framework for server authentication
mechanisms, known as "prooftypes", by which servers can provide multiple
forms of proof of their identity to both clients and other peer servers.
The Working Group believes the document is ready to be used as the base
framework, and indeed is already so used by draft-ietf-xmpp-posh. On that
basis it is requested to be published as a Standards Track document at
2) Review and Consensus
The XMPP working group is chartered to provide a solution to allow a
hosting service to share an XMPP server among multiple hosted domains.
That effort produced the Domain Name Assertion (DNA) framework, and the
"PKIX over Secure HTTP", or "POSH", prooftype, which is still a
work-in-progress at the time of this writing.
At IETF 86, the working group had a draft-ietf-xmpp-dna document edited
by Richard Barnes and Jonas Lindborg; however, Richard suggested
replacing that working group draft with the individual draft written by
Peter Saint-Andre and Matthew Miller. After IETF 86, the working group
then adopted Peter's draft over Richard's.
After version 8 of the document, Philipp Hancke (also an author of
XEP-0220, XEP-0288, and XEP-0344) joined as co-author.
The majority of reviews concentrated on two areas:
a) Avoiding the considerable overlap between this document and several
others, including RFC 6120, RFC 6125, XEP-0220, XEP-0288 and XEP-0344.
b) Correcting errors within the (highly complex) area of server to server
It should be noted that much of the document is simply describing the
state of the art with respect to server to server authentication, which
is spread over several documents, and noting the points where
authentication and authorization decisions are required.
The chairs believe that consensus has been reached for the document to be
published. As this document essentially distils the somewhat scattered
specification and knowledge of S2S auth, it would be fair to say it
already has a high level of implementation; however, multiple implementations have
adopted the model described in this document as the basis for work
underway for DANE, POSH and other prooftypes.
3) Intellectual Property
No IPR has been disclosed with respect to this specification.
Matthew Miller is unaware of any IPR, and is aware of his obligations under BCP 78 and BCP 79.
Philipp Hancke is unaware of any IPR, and is aware of his obligations under BCP 78 and BCP 79.
Peter Saint-Andre is unaware of any IPR, and is aware of his obligations under BCP 78 and BCP 79.
4) Other Points