Domain Name Associations (DNA) in the Extensible Messaging and Presence Protocol (XMPP)

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: IETF-Announce <>
Cc: RFC Editor <>,
    xmpp mailing list <>,
    xmpp chair <>
Subject: Protocol Action: 'Domain Name Associations (DNA) in the Extensible Messaging and Presence Protocol (XMPP)' to Proposed Standard (draft-ietf-xmpp-dna-11.txt)

The IESG has approved the following document:
- 'Domain Name Associations (DNA) in the Extensible Messaging and
   Presence Protocol (XMPP)'
  (draft-ietf-xmpp-dna-11.txt) as Proposed Standard

This document is the product of the Extensible Messaging and Presence
Protocol Working Group.

The IESG contact persons are Barry Leiba, Ben Campbell and Alissa Cooper.

A URL of this Internet Draft is:

Technical Summary

This document defines the XMPP Domain Name Association (DNA) framework. The
abstract states the document does two things to improve security in XMPP:

     "First, it specifies how to
   establish a strong association between a domain name and an XML
   stream, using the concept of "prooftypes".  Second, it describes how
   to securely delegate a service domain name (e.g., to a
   target server host name (e.g., [...]"

Overall, the document establishes a framework for server authentication
mechanisms, known as "prooftypes", by which servers can provide multiple
forms of proof of their identity to both clients and other peer servers.

Working Group Summary

The Working Group believes the document is ready to be used as the base
framework, and indeed is already so used by draft-ietf-xmpp-posh. On that
basis it is requested to be published as a Standards Track document at
"Proposed Standard".

Document Quality

The majority of reviews concentrated on two areas:

a) Avoiding the considerable overlap between this document and several
others, including RFC 6120, RFC 6125, XEP-0220, XEP-0288 and XEP-0344.

b) Correcting errors within the (highly complex) area of server to server

It should be noted that much of the document is simply describing the
state of the art with respect to server to server authentication, which
is spread over several documents, and noting the points where
authentication and authorization decisions are required.

The chairs believe that consensus has been reached for the document to be
published. As this document essentially distils the somewhat scattered
specification and knowledge of S2S auth, it would be fair to say it has
high implementation already, however multiple implementations have
adopted the model described in this document as the basis for work
underway for DANE, POSH and other prooftypes.


   The Document Shepherd is Dave Cridland.
   The responsible Area Director is Ben Campbell.