XMPP WG
IETF 75, Stockholm
Tuesday, 28 July 2009, Session 1: 0900-1130
Chairs: Joe Hildebrand, Sean Turner

Opening
http://www.ietf.org/proceedings/75/slides/xmpp-0.pdf

Agenda Bashing - No bashing.

==================================================================================

Extensible Messaging and Presence Protocol (XMPP): Core
draft-ietf-xmpp-3920bis-00
Peter Saint Andre presented.
Slides: http://www3.ietf.org/proceedings/75/slides/xmpp-1.pdf

No comments were raised from the room.

==================================================================================

Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence
draft-ietf-xmpp-3921bis-00
Peter Saint Andre presented.
Slides: http://www3.ietf.org/proceedings/75/slides/xmpp-2.pdf

Question from Sean Turner: Is there a real issue with the way that the roster works, or is it just aesthetics?

Kevin Smith (in the XMPP chat room): Concerned only about the extensibility issue.

Joe Hildebrand: We need to make sure that clients will not get into a mess with extensibility.

==================================================================================

Possible Work Items:

Multiplexing of Connections between Extensible Messaging and Presence Protocol (XMPP) Servers Using Transport Layer Security (TLS)
draft-hildebrand-xmpp-tls-multiplexing-00
Joe Hildebrand presented.

He says that he does not think that we should adopt the approach in this draft. Very few people have read the draft. The issue is NxM connectivity between two hosting clouds where each hosts many XMPP servers. It is not acceptable to create NxM sockets. The approach is to generate requirements for the TLS WG. There are many issues with this approach; see the slides.

Domain Name Assertions (DNA)
Another approach called DNA (Domain Name Assertion) was described.

Leif Johansson: What was meant by the question about HTTPS, whether it is different from Auth?

Joe Hildebrand: It meant the mechanisms are similar.
Leif Johansson: There should be a way to define XMPP server "clubs" that can trust each other without the need to establish trust between each pair of entities.

Joe Hildebrand: DNA can support several proof mechanisms, so it is possible to include "clubs" there also.

Leif Johansson: It is important to look at other types of mechanisms that have been used.

Peter Saint Andre: We are at the beginning of the discussion and any input will be useful. This is a very real pain point since there are many hosted XMPP servers deployed.

Leif Johansson: Does this work not deserve a wider audience?

Peter Saint Andre: We will need an ID for DNA anyway.

HUM - Should we solve this issue? Strong hum in favor.
HUM - Who does not have a clue on this issue? Few people hum very strongly.
(It was later concluded that the hum about who does not have a clue should not be considered.)

Peter Saint Andre: The issue is not specific to XMPP only.

Chris Newman: SASL may have some approach to this, but it is important to solve the issue in XMPP first and not try to go for a general solution for all protocols.

Leif Johansson: This issue is already in the charter anyway...

==================================================================================

Requirements for End-to-End Encryption in the Extensible Messaging and Presence Protocol (XMPP)
draft-saintandre-xmpp-e2e-requirements-01
Dirk Meyer presents.

HUM: Should we adopt this requirements draft as a working group item? Strong hum in favor. No hum for objection.

==================================================================================

XTLS: End-to-End Encryption for the Extensible Messaging and Presence Protocol (XMPP) Using Transport Layer Security (TLS)
draft-meyer-xmpp-e2e-encryption-02
Dirk Meyer presents.

The idea is to actually tunnel TLS via XMPP. It will use Jingle as a base. Some open issues, including no offline message support, are described. Let us start with this simple case and make it work first.
We would love to do the complex stuff, but have to start with something.

Peter Saint Andre: We are looking for something stronger than leap of faith.

Leif Johansson: Why not sign messages? Suggests several other methods, such as S/MIME.

Joe Hildebrand: There is an issue with a lot of white space.

Dirk Meyer: It is very easy to implement over Jingle. 50 lines or so.

Peter Resnick: Do we ignore offline messaging?

Joe Hildebrand: No offline message support at this stage.

Peter Saint Andre: Also, eSessions did not enable offline messaging.

Hannes Tschofenig (from the chat room): mentions DTLS SRP.

Peter Saint Andre: We have not looked into signing at all.

Peter Resnick: TLS e2e is relatively easy. It is much harder to do the other things, such as n-way and offline messaging.

Peter Saint Andre: There may be ways to do this, but the community has failed to solve this issue for 10 years...

Peter Resnick: People that are devoted to this are doing OTR anyway.

Joe Hildebrand: Should we ask the OTR people for help?

Peter Saint Andre: OTR does not meet some of the requirements. E.g., it enables protecting only the plain-text message body. It does not enable protecting the whole channel as