| < draft-ietf-uta-xmpp-04.txt | draft-ietf-uta-xmpp-05.txt > | |||
|---|---|---|---|---|
| Network Working Group P. Saint-Andre | Network Working Group P. Saint-Andre | |||
| Internet-Draft &yet | Internet-Draft &yet | |||
| Updates: 6120 (if approved) T. Alkemade | Updates: 6120 (if approved) T. Alkemade | |||
| Intended status: Standards Track | Intended status: Standards Track | |||
| Expires: May 30, 2015 November 26, 2014 | Expires: July 27, 2015 January 23, 2015 | |||
| Use of Transport Layer Security (TLS) in the Extensible Messaging and | Use of Transport Layer Security (TLS) in the Extensible Messaging and | |||
| Presence Protocol (XMPP) | Presence Protocol (XMPP) | |||
| draft-ietf-uta-xmpp-04 | draft-ietf-uta-xmpp-05 | |||
| Abstract | Abstract | |||
| This document provides recommendations for the use of Transport Layer | This document provides recommendations for the use of Transport Layer | |||
| Security (TLS) in the Extensible Messaging and Presence Protocol | Security (TLS) in the Extensible Messaging and Presence Protocol | |||
| (XMPP). This document updates RFC 6120. | (XMPP). This document updates RFC 6120. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 30, 2015. | This Internet-Draft will expire on July 27, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 3, line 48 ¶ | skipping to change at page 3, line 48 ¶ | |||
| Stream Management extension; see [XEP-0198] for further details. | Stream Management extension; see [XEP-0198] for further details. | |||
| 3.4. Authenticated Connections | 3.4. Authenticated Connections | |||
| Both the core XMPP specification [RFC6120] and the "CertID" | Both the core XMPP specification [RFC6120] and the "CertID" | |||
| specification [RFC6125] provide recommendations and requirements for | specification [RFC6125] provide recommendations and requirements for | |||
| certificate validation in the context of authenticated connections. | certificate validation in the context of authenticated connections. | |||
| This document does not supersede those specifications. Wherever | This document does not supersede those specifications. Wherever | |||
| possible, it is best to prefer authenticated connections (along with | possible, it is best to prefer authenticated connections (along with | |||
| SASL [RFC4422]), as already stated in the core XMPP specification | SASL [RFC4422]), as already stated in the core XMPP specification | |||
| [RFC6120]. In particular, clients MUST authenticate servers. | [RFC6120]. In particular, clients MUST authenticate servers and | |||
| Because this document does not mandate that servers need to | servers MUST authenticate clients. This document does not mandate | |||
| authenticate peer servers, unauthenticated server-to-server | that servers need to authenticate peer servers (see next section). | |||
| connections are allowed (consistent with current practice on the XMPP | ||||
| network). | ||||
| This document does not modify the recommendations in [RFC6120] | This document does not modify the recommendations in [RFC6120] | |||
| regarding the Subject Alternative Names (or other certificate | regarding the Subject Alternative Names (or other certificate | |||
| details) that need to be supported for authentication of XMPP | details) that need to be supported for authentication of XMPP | |||
| connections. | connections using PKIX certificates. | |||
| The Domain Name Associations (DNA) specification [I-D.ietf-xmpp-dna] | ||||
| describes a framework for XMPP server authentication methods, which | ||||
| include not only PKIX but also DNS-Based Authentication of Named | ||||
| Entities (DANE) as defined in [I-D.ietf-dane-srv] and PKIX over | ||||
| Secure HTTP (POSH) as defined in [I-D.ietf-xmpp-posh]. | ||||
| 3.5. Unauthenticated Connections | 3.5. Unauthenticated Connections | |||
| Given the pervasiveness of passive eavesdropping, even an | Given the pervasiveness of passive eavesdropping, even an | |||
| unauthenticated connection might be better than an unencrypted | unauthenticated connection might be better than an unencrypted | |||
| connection (this is similar to the "better than nothing security" | connection (this is similar to the "better than nothing security" | |||
| approach for IPsec [RFC5386]). In particular, because of current | approach for IPsec [RFC5386]). Unauthenticated connections include | |||
| deployment challenges for authenticated connections between XMPP | connections negotiated using anonymous Diffie-Hellman algorithms or | |||
| servers (see [I-D.ietf-xmpp-dna] and [I-D.ietf-xmpp-posh] for | using self-signed certificates, among other scenarios. In | |||
| details), it can be reasonable for XMPP server implementations to | particular, because of current deployment challenges for | |||
| accept unauthenticated connections when the Server Dialback protocol | authenticated connections between XMPP servers (see | |||
| [XEP-0220] is used for weak identity verification; this will at least | [I-D.ietf-xmpp-dna] and [I-D.ietf-xmpp-posh] for details), it can be | |||
| enable encryption of server-to-server connections. Unauthenticated | reasonable for XMPP server implementations to accept unauthenticated | |||
| connections include connections negotiated using anonymous Diffie- | connections when Server Dialback keys [XEP-0220] are used; although | |||
| Hellman algorithms or using self-signed certificates, among other | such keys on their own provide only weak identity verification (made | |||
| scenarios. | stronger through the use of DNSSEC [RFC4033]), this at least enables | |||
| encryption of server-to-server connections. | ||||
| 3.6. Server Name Indication | 3.6. Server Name Indication | |||
| Although there is no harm in supporting the TLS Server Name | Although there is no harm in supporting the TLS Server Name | |||
| Indication (SNI) extension [RFC6066], this is not necessary since the | Indication (SNI) extension [RFC6066], this is not necessary since the | |||
| same function is served in XMPP by the 'to' address of the initial | same function is served in XMPP by the 'to' address of the initial | |||
| stream header as explained in Section 4.7.2 of [RFC6120]. | stream header as explained in Section 4.7.2 of [RFC6120]. | |||
| 3.7. Human Factors | 3.7. Human Factors | |||
| skipping to change at page 5, line 17 ¶ | skipping to change at page 5, line 21 ¶ | |||
| This document requests no actions of the IANA. | This document requests no actions of the IANA. | |||
| 5. Security Considerations | 5. Security Considerations | |||
| The use of TLS can help limit the information available for | The use of TLS can help limit the information available for | |||
| correlation to the network and transport layer headers as opposed to | correlation to the network and transport layer headers as opposed to | |||
| the application layer. As typically deployed, XMPP technologies do | the application layer. As typically deployed, XMPP technologies do | |||
| not leave application-layer routing data (such as XMPP 'to' and | not leave application-layer routing data (such as XMPP 'to' and | |||
| 'from' addresses) at rest on intermediate systems, since there is | 'from' addresses) at rest on intermediate systems, since there is | |||
| only one hop between any two given XMPP servers. As a result, | only one hop between any two given XMPP servers. As a result, | |||
| encrypting all hops (sending client to sender's server, sender's | encrypting all hops (sender's client to sender's server, sender's | |||
| server to recipient's server, recipient's server to recipient's | server to recipient's server, recipient's server to recipient's | |||
| client) can help to limit the amount of "metadata" that might leak. | client) can help to limit the amount of "metadata" that might leak. | |||
| It is possible that XMPP servers themselves might be compromised. In | It is possible that XMPP servers themselves might be compromised. In | |||
| that case, per-hop encryption would not protect XMPP communications, | that case, per-hop encryption would not protect XMPP communications, | |||
| and even end-to-end encryption of (parts of) XMPP stanza payloads | and even end-to-end encryption of (parts of) XMPP stanza payloads | |||
| would leave addressing information and XMPP roster data in the clear. | would leave addressing information and XMPP roster data in the clear. | |||
| By the same token, it is possible that XMPP clients (or the end-user | By the same token, it is possible that XMPP clients (or the end-user | |||
| devices on which such clients are installed) could also be | devices on which such clients are installed) could also be | |||
| compromised, leaving users utterly at the mercy of an adversary. | compromised, leaving users utterly at the mercy of an adversary. | |||
| skipping to change at page 5, line 44 ¶ | skipping to change at page 5, line 48 ¶ | |||
| encryption technologies will serve to protect XMPP communications to | encryption technologies will serve to protect XMPP communications to | |||
| a measurable degree, compared to the alternatives. | a measurable degree, compared to the alternatives. | |||
| 6. References | 6. References | |||
| 6.1. Normative References | 6.1. Normative References | |||
| [I-D.ietf-uta-tls-bcp] | [I-D.ietf-uta-tls-bcp] | |||
| Sheffer, Y., Holz, R., and P. Saint-Andre, | Sheffer, Y., Holz, R., and P. Saint-Andre, | |||
| "Recommendations for Secure Use of TLS and DTLS", draft- | "Recommendations for Secure Use of TLS and DTLS", draft- | |||
| ietf-uta-tls-bcp-07 (work in progress), November 2014. | ietf-uta-tls-bcp-08 (work in progress), December 2014. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC | [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC | |||
| 4949, August 2007. | 4949, August 2007. | |||
| [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
| (TLS) Protocol Version 1.2", RFC 5246, August 2008. | (TLS) Protocol Version 1.2", RFC 5246, August 2008. | |||
| skipping to change at page 6, line 19 ¶ | skipping to change at page 6, line 22 ¶ | |||
| Protocol (XMPP): Core", RFC 6120, March 2011. | Protocol (XMPP): Core", RFC 6120, March 2011. | |||
| [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and | [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and | |||
| Verification of Domain-Based Application Service Identity | Verification of Domain-Based Application Service Identity | |||
| within Internet Public Key Infrastructure Using X.509 | within Internet Public Key Infrastructure Using X.509 | |||
| (PKIX) Certificates in the Context of Transport Layer | (PKIX) Certificates in the Context of Transport Layer | |||
| Security (TLS)", RFC 6125, March 2011. | Security (TLS)", RFC 6125, March 2011. | |||
| 6.2. Informative References | 6.2. Informative References | |||
| [I-D.ietf-dane-srv] | ||||
| Finch, T., Miller, M., and P. Saint-Andre, "Using DNS- | ||||
| Based Authentication of Named Entities (DANE) TLSA records | ||||
| with SRV and MX records.", draft-ietf-dane-srv-08 (work in | ||||
| progress), October 2014. | ||||
| [I-D.ietf-uta-tls-attacks] | [I-D.ietf-uta-tls-attacks] | |||
| Sheffer, Y., Holz, R., and P. Saint-Andre, "Summarizing | Sheffer, Y., Holz, R., and P. Saint-Andre, "Summarizing | |||
| Current Attacks on TLS and DTLS", draft-ietf-uta-tls- | Current Attacks on TLS and DTLS", draft-ietf-uta-tls- | |||
| attacks-05 (work in progress), October 2014. | attacks-05 (work in progress), October 2014. | |||
| [I-D.ietf-xmpp-dna] | [I-D.ietf-xmpp-dna] | |||
| Saint-Andre, P. and M. Miller, "Domain Name Associations | Saint-Andre, P. and M. Miller, "Domain Name Associations | |||
| (DNA) in the Extensible Messaging and Presence Protocol | (DNA) in the Extensible Messaging and Presence Protocol | |||
| (XMPP)", draft-ietf-xmpp-dna-08 (work in progress), | (XMPP)", draft-ietf-xmpp-dna-08 (work in progress), | |||
| October 2014. | October 2014. | |||
| [I-D.ietf-xmpp-posh] | [I-D.ietf-xmpp-posh] | |||
| Miller, M. and P. Saint-Andre, "PKIX over Secure HTTP | Miller, M. and P. Saint-Andre, "PKIX over Secure HTTP | |||
| (POSH)", draft-ietf-xmpp-posh-02 (work in progress), | (POSH)", draft-ietf-xmpp-posh-02 (work in progress), | |||
| October 2014. | October 2014. | |||
| [RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence | [RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence | |||
| Protocol (XMPP): Core", RFC 3920, October 2004. | Protocol (XMPP): Core", RFC 3920, October 2004. | |||
| [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | ||||
| Rose, "DNS Security Introduction and Requirements", RFC | ||||
| 4033, March 2005. | ||||
| [RFC4422] Melnikov, A. and K. Zeilenga, "Simple Authentication and | [RFC4422] Melnikov, A. and K. Zeilenga, "Simple Authentication and | |||
| Security Layer (SASL)", RFC 4422, June 2006. | Security Layer (SASL)", RFC 4422, June 2006. | |||
| [RFC5386] Williams, N. and M. Richardson, "Better-Than-Nothing | [RFC5386] Williams, N. and M. Richardson, "Better-Than-Nothing | |||
| Security: An Unauthenticated Mode of IPsec", RFC 5386, | Security: An Unauthenticated Mode of IPsec", RFC 5386, | |||
| November 2008. | November 2008. | |||
| [RFC6066] Eastlake, D., "Transport Layer Security (TLS) Extensions: | [RFC6066] Eastlake, D., "Transport Layer Security (TLS) Extensions: | |||
| Extension Definitions", RFC 6066, January 2011. | Extension Definitions", RFC 6066, January 2011. | |||
| End of changes. 11 change blocks. | ||||
| 22 lines changed or deleted | 37 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||