On 9/13/13 1:35 AM, Hannes Tschofenig wrote:
> Hi Peter,
>
> I am wondering whether it would be possible to link the
> recommendations between draft-saintandre-xmpp-tls-01 and
> draft-sheffer-tls-bcp-00 with respect to what it says about TLS.

Sure.

> I believe that the TLS recommendations should be generic for the
> crypto (no RC4, key length, etc.) and don't depend on the specific
> application that is being protected.

In general, yes. There might be some differences depending on the application protocol that uses TLS.

> Of course you could argue that it makes sense to replicate the text
> for simpler readability.

One thing I'm trying to do with draft-saintandre-xmpp-tls is educate and engage the XMPP community in the task of upgrading the security profile of the XMPP network (a conversation that predates the recent incidents).

> One other remark about session resumption. There are two versions
> of session resumption, namely one that is part of the base TLS spec
> and another one that provides session resumption without server
> side state. From your text it seems that you focus on the latter, which
> is OK.
>
> RFC 5077 already says that you have to encrypt and authenticate
> the ticket. What can be said in the XMPP context is to implement
> the recommended format of the ticket to avoid problems with not
> encrypting the information or not authenticating it. The info is
> found in Section 4 of RFC 5077. Of course, we could double-check
> the recommended algorithms for that as well.

About session resumption, I need to look more closely at RFC 5077 and the version that is in the base spec. I am not yet fully sure that citing RFC 5077 is the right thing for XMPP.
Peter

--
Peter Saint-Andre
https://stpeter.im/

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
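The "recommended format of the ticket" Hannes refers to is the structure in Section 4 of RFC 5077: an opaque 16-byte key_name, a 16-byte IV, a length-prefixed encrypted_state, and a 32-byte MAC, where the MAC is computed over key_name, IV, and the length and contents of encrypted_state (encrypt-then-MAC). The following is an added illustration of that layout and of a verifier that refuses tickets with a bad MAC or an unknown key name; it is not code from this thread, from the drafts discussed, or from any XMPP or TLS implementation. RFC 5077 recommends AES-128-CBC for the encryption step and HMAC-SHA-256 for the MAC; to stay on the Python standard library this example substitutes an HMAC-SHA-256 keystream in counter mode for AES-128-CBC (an assumption made for self-containment, marked in the code), so what it demonstrates is the ticket structure and the authenticate-before-decrypt discipline, not the exact cipher choice.

```python
"""Session-ticket layout from RFC 5077 Section 4, as an added example.

Layout: key_name[16] || iv[16] || length[2] || encrypted_state || mac[32]
MAC input: key_name || iv || length || encrypted_state (encrypt-then-MAC).
"""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional

KEY_NAME_LEN = 16
IV_LEN = 16
MAC_LEN = 32          # HMAC-SHA-256 output length
HEADER_LEN = KEY_NAME_LEN + IV_LEN + 2


class TicketKey:
    """One server-side ticket-protection key, identified by an opaque key_name.

    Keeping several keys (indexed by key_name) lets a server rotate keys while
    still accepting tickets issued under the previous one.
    """

    def __init__(self, key_name: bytes, enc_key: bytes, mac_key: bytes) -> None:
        if len(key_name) != KEY_NAME_LEN:
            raise ValueError("key_name must be 16 bytes")
        self.key_name = key_name
        self.enc_key = enc_key
        self.mac_key = mac_key


def _keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    # ASSUMPTION / stand-in: RFC 5077 recommends AES-128-CBC here. This example
    # derives a keystream with HMAC-SHA-256 over (iv || counter) so it runs on
    # the standard library alone; the ticket structure above is unchanged.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, iv + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_ticket(key: TicketKey, session_state: bytes, iv: Optional[bytes] = None) -> bytes:
    """Encrypt the opaque session state, then MAC the whole ticket body."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    encrypted_state = _xor(session_state, _keystream(key.enc_key, iv, len(session_state)))
    body = key.key_name + iv + struct.pack(">H", len(encrypted_state)) + encrypted_state
    mac = hmac.new(key.mac_key, body, hashlib.sha256).digest()
    return body + mac


def open_ticket(keys: Dict[bytes, TicketKey], ticket: bytes) -> Optional[bytes]:
    """Return the session state, or None to signal 'do a full handshake instead'.

    The MAC is verified (constant-time) before any decryption takes place, so a
    forged or modified ticket never reaches the decryption step.
    """
    if len(ticket) < HEADER_LEN + MAC_LEN:
        return None
    key = keys.get(ticket[:KEY_NAME_LEN])
    if key is None:
        return None                       # unknown or retired key: no resumption
    body, mac = ticket[:-MAC_LEN], ticket[-MAC_LEN:]
    expected = hmac.new(key.mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None                       # tampered or wrong-key ticket
    iv = body[KEY_NAME_LEN:KEY_NAME_LEN + IV_LEN]
    (length,) = struct.unpack(">H", body[KEY_NAME_LEN + IV_LEN:HEADER_LEN])
    encrypted_state = body[HEADER_LEN:]
    if len(encrypted_state) != length:
        return None                       # length field does not match payload
    return _xor(encrypted_state, _keystream(key.enc_key, iv, length))


def demo() -> Dict[str, bool]:
    """Round-trip a constructed ticket and show the two rejection paths."""
    key = TicketKey(b"ticket-key-2013a", b"E" * 16, b"M" * 32)     # constructed keys
    keys = {key.key_name: key}
    state = b"cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;secret=CONSTRUCTED"
    ticket = seal_ticket(key, state)
    tampered = bytearray(ticket)
    tampered[HEADER_LEN + 3] ^= 0x01                          # flip a bit in encrypted_state
    foreign = bytes(KEY_NAME_LEN) + ticket[KEY_NAME_LEN:]      # key_name the server never issued
    return {
        "roundtrip": open_ticket(keys, ticket) == state,
        "tampered_rejected": open_ticket(keys, bytes(tampered)) is None,
        "unknown_key_rejected": open_ticket(keys, foreign) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the construction, and of Hannes's remark, is that a ticket is state the server hands to an untrusted party and later takes back: confidentiality protects the master secret inside it, and the MAC over the entire body (including the key name and IV) is what lets the server trust the contents it is about to resume a session from. Returning None rather than raising on any failure matches the RFC 5077 fallback behaviour, in which an unusable ticket simply leads to a full handshake.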
