Technical Summary
This document defines the XMPP Domain Name Association (DNA) framework. The
abstract states the document does two things to improve security in XMPP:
"First, it specifies how to establish a strong association between a domain name and an XML stream, using the concept of "prooftypes". Second, it describes how to securely delegate a service domain name (e.g., example.com) to a target server host name (e.g., hosting.example.net) [...]"
Overall, the document establishes a framework for server authentication
mechanisms, known as "prooftypes", by which servers can provide multiple
forms of proof of their identity to both clients and other peer servers.
Working Group Summary
The Working Group believes the document is ready to be used as the base
framework, and indeed it is already used as such by draft-ietf-xmpp-posh. On
that basis, publication as a Standards Track document at "Proposed Standard"
is requested.
Document Quality
The majority of reviews concentrated on two areas:
a) Avoiding the considerable overlap between this document and several
others, including RFC 6120, RFC 6125, XEP-0220, XEP-0288 and XEP-0344.
b) Correcting errors within the (highly complex) area of server-to-server
authentication.
It should be noted that much of the document simply describes the current
state of the art in server-to-server authentication, which is spread across
several documents, and identifies the points at which authentication and
authorization decisions are required.
The chairs believe that consensus has been reached for the document to be
published. As this document essentially distils the somewhat scattered
specification and knowledge of S2S authentication, it would be fair to say
that it is already widely implemented in effect; even so, multiple
implementations have adopted the model described in this document as the
basis for work underway on DANE, POSH and other prooftypes.
Personnel
The Document Shepherd is Dave Cridland.
The responsible Area Director is Ben Campbell.