Update references to RFC 7712 (now out of draft)

Remove unused ref to the now out of draft dns-dna
Sam Whited 2016-03-12 16:11:07 -06:00
parent 8843d98182
commit 7c185233b8
2 changed files with 8 additions and 4 deletions

View File

@ -26,6 +26,12 @@
&jer;
&stpeter;
&fippo;
<revision>
<version>1.1.1</version>
<date>2015-03-12</date>
<initials>ssw</initials>
<remark>Update DNA framework reference to RFC 7712.</remark>
</revision>
<revision>
<version>1.1</version>
<date>2014-08-05</date>
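
Review bot: The <date> in the new 1.1.1 revision block reads 2015-03-12, but this commit is dated 2016-03-12, so the year looks like a typo. Suggest <date>2016-03-12</date> so the revision history matches when the change was actually made.
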
@ -196,7 +202,7 @@
<p>Traditionally, the verification accomplished in Server Dialback has depended on the Domain Name System (DNS) and the use of keys based on a shared secret known to all XMPP servers within a given administrative domain. It is a proof-of-possession protocol in the sense of &rfc4949; which asserts that the initiating server and the authoritative server are associated with each other. The relative strength or weakness of the verification depends in part on the strength or weakness of the process for resolving the domain names of the authoritative server; in particular, if DNSSEC is not used then Server Dialback results in weak identity verification, whereas if DNSSEC is used then Server Dialback can result in fairly strong identity verification.</p>
<p>Since October 2000, the use of Server Dialback (even absent DNSSEC) has made it more difficult to spoof the hostnames of servers (and therefore the addresses of sent messages) on the XMPP network.</p>
<p>Server Dialback is unidirectional, and results in verification for one XML stream in one direction. Because traditionally Server-to-Server connections are used unidirectionally, Server Dialback needs to be completed in each direction in order to enable bidirectional communication between two domains (unless &xep0288; is used).</p>
<p>Furthermore, because a separate TCP connection is mandated for each domain pair, the use of server dialback results in significant scalability challenges for large XMPP service providers that host many domains (see &dna-framework; for a possible solution).</p>
<p>Furthermore, because a separate TCP connection is mandated for each domain pair, the use of server dialback results in significant scalability challenges for large XMPP service providers that host many domains (see &rfc7712; for a possible solution).</p>
<p>Finally, dialback signalling can be used without basing the identity verification on checking of the dialback key provided by the Initiating Server. As one example, if Transport Layer Security (TLS) is used then the Receiving Server can attempt to verify the certificate presented by the Initiating Server, either according to the PKIX-based rules specified in &xep0178;, <cite>RFC 6120</cite>, and &rfc6125; or by checking that the public key or certificate of the Initiating Server matches a public key or certificate obtained via &posh;. However, this technique of using dialback signalling without verifying the dialback key (sometimes called "dialback without dialing back" since the Receiving Server does not contact the Authoritative Server) is not described in this document.</p>
</section2>
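
Review bot: The rewritten scalability sentence still says "server dialback" in lowercase, while the surrounding paragraphs in this section consistently write "Server Dialback". Since the line is being touched for the &rfc7712; reference anyway, capitalize it here too. Note also that this line only resolves if the rfc7712 entity from the second file lands in the same change.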

View File

@ -646,6 +646,7 @@ THE SOFTWARE.
<!ENTITY rfc7572 "<span class='ref'><link url='http://tools.ietf.org/html/rfc7572'>RFC 7572</link></span> <note>RFC 7572: Interworking between the Session Initiation Protocol (SIP) and the Extensible Messaging and Presence Protocol (XMPP): Instant Messaging &lt;<link url='http://tools.ietf.org/html/rfc7572'>http://tools.ietf.org/html/rfc7572</link>&gt;.</note>" >
<!ENTITY rfc7622 "<span class='ref'><link url='http://tools.ietf.org/html/rfc7622'>RFC 7622</link></span> <note>RFC 7622: Extensible Messaging and Presence Protocol (XMPP): Address Format &lt;<link url='http://tools.ietf.org/html/rfc7622'>http://tools.ietf.org/html/rfc7622</link>&gt;.</note>" >
<!ENTITY rfc7395 "<span class='ref'><link url='http://tools.ietf.org/html/rfc7395'>RFC 7395</link></span> <note>RFC 7395: An Extensible Messaging and Presence Protocol (XMPP) Subprotocol for WebSocket &lt;<link url='http://tools.ietf.org/html/rfc7395'>http://tools.ietf.org/html/rfc7395</link>&gt;.</note>" >
<!ENTITY rfc7712 "<span class='ref'><link url='http://tools.ietf.org/html/rfc7712'>RFC 7712</link></span> <note>RFC 7712: Domain Name Associations (DNA) in the Extensible Messaging and Presence Protocol (XMPP)&lt;<link url='http://tools.ietf.org/html/rfc7712'>http://tools.ietf.org/html/rfc7712</link>&gt;.</note>" >
<!-- Internet-Drafts -->
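
Review bot: The new rfc7712 entity is missing the space between the title and the URL in its <note>: it reads "(XMPP)&lt;<link" where the neighbouring rfc7572, rfc7622 and rfc7395 entries all have "(XMPP) &lt;<link". Add the space so the rendered note matches the other RFC references.
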
@ -653,8 +654,6 @@ THE SOFTWARE.
<!ENTITY atomsub "<span class='ref'><link url='http://xmpp.org/internet-drafts/draft-saintandre-atompub-notify-07.html'>AtomSub</link></span> <note>Atomsub: Transporting Atom Notifications over the Publish-Subscribe Extension to the Extensible Messaging and Presence Protocol (XMPP) &lt;<link url='http://xmpp.org/internet-drafts/draft-saintandre-atompub-notify-07.html'>http://xmpp.org/internet-drafts/draft-saintandre-atompub-notify-07.html</link>&gt;. Work in progress.</note>" >
<!ENTITY bundle "<span class='ref'><link url='https://datatracker.ietf.org/doc/draft-ietf-mmusic-sdp-bundle-negotiation/'>draft-ietf-mmusic-sdp-bundle-negotiation</link></span> <note>Negotiating Media Multiplexing Using the Session Description Protocol (SDP) &lt;<link url='https://datatracker.ietf.org/doc/draft-ietf-mmusic-sdp-bundle-negotiation/'>https://datatracker.ietf.org/doc/draft-ietf-mmusic-sdp-bundle-negotiation/</link>&gt;. Work in progress.</note>" >
<!ENTITY cusax "<span class='ref'><link url='https://datatracker.ietf.org/doc/draft-ivov-xmpp-cusax/'>CUSAX</link></span> <note>CUSAX: Combined Use of the Session Initiation Protocol (SIP) and the Extensible Messaging and Presence Protocol (XMPP) &lt;<link url='https://datatracker.ietf.org/doc/draft-ivov-xmpp-cusax/'>https://datatracker.ietf.org/doc/draft-ivov-xmpp-cusax/</link>&gt;. Work in progress.</note>" >
<!ENTITY dna-dns "<span class='ref'><link url='http://datatracker.ietf.org/doc/draft-miller-xmpp-dnssec-prooftype/'>draft-miller-xmpp-dnssec-prooftype</link></span> <note>Using DNS Security Extensions (DNSSEC) and DNS-based Authentication of Named Entities (DANE) as a Prooftype for XMPP Domain Name Associations &lt;<link url='http://datatracker.ietf.org/doc/draft-miller-xmpp-dnssec-prooftype/'>http://datatracker.ietf.org/doc/draft-miller-xmpp-dnssec-prooftype/</link>&gt;. Work in progress.</note>" >
<!ENTITY dna-framework "<span class='ref'><link url='http://datatracker.ietf.org/doc/draft-ietf-xmpp-dna/'>DNA</link></span> <note>Domain Name Associations (DNA) in the Extensible Messaging and Presence Protocol (XMPP) &lt;<link url='http://datatracker.ietf.org/doc/draft-ietf-xmpp-dna/'>http://datatracker.ietf.org/doc/draft-ietf-xmpp-dna/</link>&gt;. Work in progress.</note>" >
<!ENTITY dtlssrtp "<span class='ref'><link url='http://tools.ietf.org/html/draft-ietf-avt-dtls-srtp'>DTLS-SRTP</link></span> <note>Datagram Transport Layer Security (DTLS) Extension to Establish Keys for Secure Real-time Transport Protocol (SRTP) &lt;<link url='http://tools.ietf.org/html/draft-ietf-avt-dtls-srtp'>http://tools.ietf.org/html/draft-ietf-avt-dtls-srtp</link>&gt;. Work in progress.</note>" >
<!ENTITY geoprivpol "<span class='ref'><link url='http://tools.ietf.org/html/draft-ietf-geopriv-policy'>Geopriv Policy</link></span> <note>Geopriv Policy &lt;<link url='http://tools.ietf.org/html/draft-ietf-geopriv-policy'>http://tools.ietf.org/html/draft-ietf-geopriv-policy</link>&gt;. Work in progress.</note>" >
<!ENTITY iax "<span class='ref'><link url='http://tools.ietf.org/html/draft-guy-iax'>IAX</link></span> <note>IAX: Inter-Asterisk eXchange Version 2 &lt;<link url='http://tools.ietf.org/html/draft-guy-iax'>http://tools.ietf.org/html/draft-ietf-guy-iax</link>&gt;. Work in progress.</note>" >
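
Review bot: The commit message mentions removing one unused ref and names it "dns-dna", but the entities in this hunk are dna-dns and dna-framework, and the line counts say two definitions go away here. Please correct the name in the message and confirm that no other document still uses &dna-dns; or &dna-framework;, because a reference to an undefined entity makes the XML fail to parse. If draft-miller-xmpp-dnssec-prooftype has been superseded, say in the message what replaces it, since no replacement entity is added for it.
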
@ -709,7 +708,6 @@ IANA Service Location Protocol, Version 2 (SLPv2) Templates</link></span> <note>
<!ENTITY xmpp "<span class='ref'><link url='http://xmpp.org/'>XMPP</link></span> <note>Extensible Messaging and Presence Protocol (XMPP) &lt;<link url='http://xmpp.org/'>http://xmpp.org/</link>&gt;.</note>" >
<!ENTITY xmppcore "<span class='ref'><link url='http://tools.ietf.org/html/rfc6120'>XMPP Core</link></span> <note>RFC 6120: Extensible Messaging and Presence Protocol (XMPP): Core &lt;<link url='http://tools.ietf.org/html/rfc6120'>http://tools.ietf.org/html/rfc6120</link>&gt;.</note>" >
<!ENTITY xmppcpim "<span class='ref'><link url='http://tools.ietf.org/html/rfc3922'>XMPP CPIM</link></span> <note>RFC 3922: Mapping the Extensible Messaging and Presence Protocol (XMPP) to Common Presence and Instant Messaging (CPIM) &lt;<link url='http://tools.ietf.org/html/rfc3922'>http://tools.ietf.org/html/rfc3922</link>&gt;.</note>" >
<!ENTITY xmppdna "<span class='ref'><link url='http://tools.ietf.org/html/draft-ietf-xmpp-dna'>Domain Name Assertions</link></span> <note>Domain Name Assertions &lt;<link url='http://tools.ietf.org/html/draft-ietf-xmpp-dna'>http://tools.ietf.org/html/draft-ietf-xmpp-dna</link>&gt;.</note>" >
<!ENTITY xmppe2e "<span class='ref'><link url='http://tools.ietf.org/html/rfc3923'>XMPP E2E</link></span> <note>RFC 3923: End-to-End Signing and Object Encryption for the Extensible Messaging and Presence Protocol (XMPP) &lt;<link url='http://tools.ietf.org/html/rfc3923'>http://tools.ietf.org/html/rfc3923</link>&gt;.</note>" >
<!ENTITY xmppim "<span class='ref'><link url='http://tools.ietf.org/html/rfc6121'>XMPP IM</link></span> <note>RFC 6121: Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence &lt;<link url='http://tools.ietf.org/html/rfc6121'>http://tools.ietf.org/html/rfc6121</link>&gt;.</note>" >
<!ENTITY xmppiri "<span class='ref'><link url='http://tools.ietf.org/html/rfc5122'>XMPP URI Scheme</link></span> <note>Internationalized Resource Identifiers (IRIs) and Uniform Resource Identifiers (URIs) for the Extensible Messaging and Presence Protocol (XMPP) &lt;<link url='http://tools.ietf.org/html/rfc5122'>http://tools.ietf.org/html/rfc5122</link>&gt;.</note>" >
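
Review bot: The xmppdna entity in this hunk also points at draft-ietf-xmpp-dna, yet the commit message does not mention it being dropped. Note the removal in the message and check that no document still references &xmppdna;; any that do should be switched to &rfc7712; in the same change.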