Hi Spencer, thanks for the review. Comments inline.

On 4/20/15 2:23 PM, Spencer Dawkins wrote:
Spencer Dawkins has entered the following ballot position for
draft-ietf-uta-xmpp-06: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-uta-xmpp/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

This is important work. Thank you for doing it.

I have a couple of points where I wasn't clear on the text, but they're
nits.

I'm not quite sure what this text:

3.3.  Session Resumption

    In XMPP, TLS session resumption can be used in concert with the XMPP
    Stream Management extension; see [XEP-0198] for further details.

means in a major section called "Recommendations". Good idea? Bad idea?
Doesn't matter? It depends?

I could read "can be used" as saying "it's physically possible", or "it's
OK", so I thought I should ask. I'm fine with you not saying anything
normative, but it seems like a thumbs up/down/sideways would be helpful,
at a minimum.

Yes, that section is a bit terse, isn't it?

In general, the stream management extension (XEP-0198) is a Good Thing because it enables a client to know if its server did or did not handle the stanzas it has sent. In particular with regard to session resumption, if an XMPP session dies for some reason (e.g., spotty connectivity), XEP-0198 enables the client to resume the XMPP session and resend any stanzas that were not successfully received over the original stream. Because these features have significantly improved the reliability of stanza delivery on the XMPP network, it's quite helpful for clients and servers to implement XEP-0198. In addition, XEP-0198 recommends the use of TLS session resumption to further speed this process, so the recommendation really goes in the direction of XEP-0198 to RFC 5077 and I don't know if it's appropriate for this document to say "you should implement XEP-0198".

We might do something like this:

OLD
   In XMPP, TLS session resumption can be used in concert with the XMPP
   Stream Management extension; see [XEP-0198] for further details.

NEW
   To improve the reliability of communications over XMPP, it is common
   practice for clients and servers to implement the stream management
   extension [XEP-0198].  Although that specification includes a method
   for resumption of XMPP streams at the application layer, also using
   session resumption at the TLS layer further optimizes the process of
   session resumption.  See [XEP-0198] for detailed information.
   Whether or not XEP-0198 is used for application-layer session
   resumption, implementations MUST follow the recommendations provided
   in [I-D.ietf-uta-tls-bcp] regarding TLS-layer session resumption.

In this text:

5.  Security Considerations

    The use of TLS can help limit the information available for
    correlation to the network and transport layer headers as opposed to
    the application layer.

I'm guessing what "as opposed to" means. Is this saying

    The use of TLS can help limit the information available for
    correlation between the network and transport layer headers
    and the application layer.

Yes, that is clearer.

Peter

--
Peter Saint-Andre
https://andyet.com/
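
The application-layer bookkeeping discussed in the reply above (the client learning which stanzas its server handled, then resuming the stream and resending the rest), as an added example that is not part of the original message. The class and method names and the sample values are constructed for illustration; the element names, the `h` and `previd` attributes and the `urn:xmpp:sm:3` namespace are those of XEP-0198, and TLS-layer resumption is not modelled.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

SM_NS = "urn:xmpp:sm:3"   # XEP-0198 namespace
MOD = 2 ** 32             # XEP-0198: 'h' wraps to zero after 2^32 - 1


class SmClient:
    """Client-side model (hypothetical names): count sent stanzas, keep unacked ones."""

    def __init__(self):
        self.sent = 0        # stanzas sent on this SM session (mod 2^32)
        self.acked = 0       # last 'h' value reported by the server
        self.unacked = []    # sent but not yet acknowledged, oldest first
        self.sm_id = None    # 'id' from <enabled/>, reused later as 'previd'
        self.handled_in = 0  # inbound stanzas handled, reported as 'h' in <resume/>

    def send(self, stanza):
        self.sent = (self.sent + 1) % MOD
        self.unacked.append(stanza)

    def on_sm_element(self, xml):
        """Process <enabled/>, <a/> or <resumed/>; return the stanzas to resend."""
        el = ET.fromstring(xml)
        if not el.tag.startswith("{%s}" % SM_NS):
            raise ValueError("not a stream management element")
        name = el.tag.split("}", 1)[1]
        if name == "enabled":
            self.sm_id = el.get("id")
            return []
        if name not in ("a", "resumed"):
            raise ValueError("unexpected element: " + name)
        h = int(el.get("h", ""))          # missing or non-numeric 'h' raises ValueError
        newly = (h - self.acked) % MOD    # modular difference survives counter wrap
        if newly > len(self.unacked):
            raise ValueError("server acknowledged more stanzas than were sent")
        del self.unacked[:newly]
        self.acked = h
        # After <resumed/>, anything still queued was lost with the old stream.
        return list(self.unacked) if name == "resumed" else []

    def resume_request(self):
        """Build the <resume/> element sent on the new stream."""
        if self.sm_id is None:
            raise ValueError("stream management was never enabled")
        return "<resume xmlns='%s' h='%d' previd=%s/>" % (
            SM_NS, self.handled_in, quoteattr(self.sm_id))
```

An acknowledgement that claims more stanzas than the client has outstanding is rejected rather than silently emptying the resend queue.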
