| draft-ietf-uta-xmpp-00.txt | draft-ietf-uta-xmpp-01.txt | |||
|---|---|---|---|---|
| Network Working Group P. Saint-Andre | Network Working Group P. Saint-Andre | |||
| Internet-Draft &yet | Internet-Draft &yet | |||
| Updates: 6120 (if approved) T. Alkemade | Updates: 6120 (if approved) T. Alkemade | |||
| Intended status: Standards Track | Intended status: Standards Track | |||
| Expires: September 28, 2014 March 27, 2014 | Expires: March 15, 2015 September 11, 2014 | |||
| Use of Transport Layer Security (TLS) in the Extensible Messaging and | Use of Transport Layer Security (TLS) in the Extensible Messaging and | |||
| Presence Protocol (XMPP) | Presence Protocol (XMPP) | |||
| draft-ietf-uta-xmpp-00 | draft-ietf-uta-xmpp-01 | |||
| Abstract | Abstract | |||
| This document provides recommendations for the use of Transport Layer | This document provides recommendations for the use of Transport Layer | |||
| Security (TLS) in the Extensible Messaging and Presence Protocol | Security (TLS) in the Extensible Messaging and Presence Protocol | |||
| (XMPP). This document updates RFC 6120. | (XMPP). This document updates RFC 6120. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| skipping to change at page 1, line 34 | skipping to change at page 1, line 34 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 28, 2014. | This Internet-Draft will expire on March 15, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. Discussion Venue . . . . . . . . . . . . . . . . . . . . . . 3 | 3. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 3 | 3.1. Support for TLS . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4.1. Support for TLS . . . . . . . . . . . . . . . . . . . . . 3 | 3.2. Protocol Versions . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4.2. Protocol Versions . . . . . . . . . . . . . . . . . . . . 3 | 3.3. Cipher Suites . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4.3. Cipher Suites . . . . . . . . . . . . . . . . . . . . . . 3 | 3.4. Public Key Length . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4.4. Public Key Length . . . . . . . . . . . . . . . . . . . . 3 | 3.5. Compression . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4.5. Compression . . . . . . . . . . . . . . . . . . . . . . . 3 | 3.6. Session Resumption . . . . . . . . . . . . . . . . . . . 4 | |||
| 4.6. Session Resumption . . . . . . . . . . . . . . . . . . . 4 | 3.7. Authenticated Connections . . . . . . . . . . . . . . . . 4 | |||
| 4.7. Authenticated Connections . . . . . . . . . . . . . . . . 4 | 3.8. Unauthenticated Connections . . . . . . . . . . . . . . . 4 | |||
| 4.8. Unauthenticated Connections . . . . . . . . . . . . . . . 4 | 3.9. Server Name Indication . . . . . . . . . . . . . . . . . 4 | |||
| 4.9. Server Name Indication . . . . . . . . . . . . . . . . . 4 | 3.10. Human Factors . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4.10. Human Factors . . . . . . . . . . . . . . . . . . . . . . 5 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 5. Implementation Notes . . . . . . . . . . . . . . . . . . . . 5 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | 6.1. Normative References . . . . . . . . . . . . . . . . . . 6 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 6.2. Informative References . . . . . . . . . . . . . . . . . 6 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 6 | Appendix A. Implementation Notes . . . . . . . . . . . . . . . . 7 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 6 | Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 7 | |||
| 8.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 8 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | ||||
| 1. Introduction | 1. Introduction | |||
| The Extensible Messaging and Presence Protocol (XMPP) [RFC6120] | The Extensible Messaging and Presence Protocol (XMPP) [RFC6120] | |||
| (along with its precursor, the so-called "Jabber protocol") has used | (along with its precursor, the so-called "Jabber protocol") has used | |||
| Transport Layer Security (TLS) [RFC5246] (along with its precursor, | Transport Layer Security (TLS) [RFC5246] (along with its precursor, | |||
| Secure Sockets Layer or SSL) since 1999. Both [RFC6120] and its | Secure Sockets Layer or SSL) since 1999. Both [RFC6120] and its | |||
| predecessor [RFC3920] provided recommendations regarding the use of | predecessor [RFC3920] provided recommendations regarding the use of | |||
| TLS in XMPP. In order to address the evolving threat model on the | TLS in XMPP. In order to address the evolving threat model on the | |||
| Internet today (see, for example, [I-D.trammell-perpass-ppa]), this | Internet today, this document provides stronger recommendations based | |||
| document provides stronger recommendations (see also | on [I-D.ietf-uta-tls-bcp]. This document updates [RFC6120]. | |||
| [I-D.ietf-uta-tls-bcp]). This document updates [RFC6120]. | ||||
| 2. Terminology | 2. Terminology | |||
| Various security-related terms are to be understood in the sense | Various security-related terms are to be understood in the sense | |||
| defined in [RFC4949]. | defined in [RFC4949]. | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
| [RFC2119]. | [RFC2119]. | |||
| 3. Discussion Venue | 3. Recommendations | |||
| The discussion venue for this document is the mailing list of the | ||||
| XMPP Working Group, for which archives and subscription information | ||||
| can be found at [1]. Discussion might also occur on the mailing list | ||||
| of the UTA Working Group, for which archives and subscription | ||||
| information can be found at [2]. | ||||
| 4. Recommendations | ||||
| 4.1. Support for TLS | 3.1. Support for TLS | |||
| Support for TLS (specifically, the XMPP profile of STARTTLS) is | Support for TLS (specifically, the XMPP profile of STARTTLS) is | |||
| mandatory for XMPP implementations, as already specified in [RFC6120] | mandatory for XMPP implementations, as already specified in [RFC6120] | |||
| and its predecessor [RFC3920]. | and its predecessor [RFC3920]. | |||
| If the server to which an XMPP client or peer server connects does | If the server to which a client or peer server connects does not | |||
| not offer a stream feature of <starttls xmlns='urn:ietf:params:xml:ns | offer a stream feature of <starttls xmlns='urn:ietf:params:xml:ns | |||
| :xmpp-tls'/> (thus indicating that it is an XMPP 1.0 server that | :xmpp-tls'/> (thus indicating that it is an XMPP 1.0 server that | |||
| supports TLS), the initiating entity MUST NOT proceed with the stream | supports TLS), the initiating entity MUST NOT proceed with the stream | |||
| negotiation and MUST instead abort the connection attempt. Although | negotiation and MUST instead abort the connection attempt. Although | |||
| XMPP servers SHOULD include the <required/> child element to indicate | XMPP servers SHOULD include the <required/> child element to indicate | |||
| that negotiation of TLS is mandatory, clients and peer servers MUST | that negotiation of TLS is mandatory, clients and peer servers MUST | |||
| NOT depend on receiving the <required/> flag in determining whether | NOT depend on receiving the <required/> flag in determining whether | |||
| TLS will be enforced for the stream. | TLS will be enforced for the stream. | |||
| 4.2. Protocol Versions | 3.2. Protocol Versions | |||
| Implementations MUST follow the recommendations in | Implementations MUST follow the recommendations in | |||
| [I-D.ietf-uta-tls-bcp] as to supporting various TLS versions and | [I-D.ietf-uta-tls-bcp] as to supporting various TLS versions and | |||
| avoiding fallback to SSL. | avoiding fallback to SSL. | |||
| 4.3. Cipher Suites | 3.3. Cipher Suites | |||
| Implementations MUST follow the recommendations in | Implementations MUST follow the recommendations in | |||
| [I-D.ietf-uta-tls-bcp]. | [I-D.ietf-uta-tls-bcp]. | |||
| 4.4. Public Key Length | 3.4. Public Key Length | |||
| Implementations MUST follow the recommendations in | Implementations MUST follow the recommendations in | |||
| [I-D.ietf-uta-tls-bcp]. | [I-D.ietf-uta-tls-bcp]. | |||
| 4.5. Compression | 3.5. Compression | |||
| Implementations MUST follow the recommendations in | Implementations MUST follow the recommendations in | |||
| [I-D.ietf-uta-tls-bcp]. | [I-D.ietf-uta-tls-bcp]. | |||
| XMPP supports an application-layer compression technology [XEP-0138], | XMPP supports an application-layer compression technology [XEP-0138], | |||
| which might have slightly stronger security properties than TLS (at | which might have slightly stronger security properties than TLS (at | |||
| least because it is enabled after SASL authentication, as described | least because it is enabled after SASL authentication, as described | |||
| in [XEP-0170]). | in [XEP-0170]). | |||
| 4.6. Session Resumption | 3.6. Session Resumption | |||
| Implementations MUST follow the recommendations in | Implementations MUST follow the recommendations in | |||
| [I-D.ietf-uta-tls-bcp]. | [I-D.ietf-uta-tls-bcp]. | |||
| Use of session IDs [RFC5246] is RECOMMENDED instead of session | Use of session IDs [RFC5246] is RECOMMENDED instead of session | |||
| tickets [RFC5077], since XMPP does not in general use state | tickets [RFC5077], since XMPP does not in general use state | |||
| management technologies such as tickets or "cookies" [RFC6265]. | management technologies such as tickets or "cookies" [RFC6265]. | |||
| Note that, in XMPP, TLS session resumption can be used in concert | In XMPP, TLS session resumption can be used in concert with the XMPP | |||
| with the XMPP Stream Management extension; see [XEP-0198] for further | Stream Management extension; see [XEP-0198] for further details. | |||
| details. | ||||
| 4.7. Authenticated Connections | 3.7. Authenticated Connections | |||
| Both the core XMPP specification [RFC6120] and the "CertID" | Both the core XMPP specification [RFC6120] and the "CertID" | |||
| specification [RFC6125] provide recommendations and requirements for | specification [RFC6125] provide recommendations and requirements for | |||
| certificate validation in the context of authenticated connections. | certificate validation in the context of authenticated connections. | |||
| This document does not supersede those specifications. Wherever | This document does not supersede those specifications. Wherever | |||
| possible, it is best to prefer authenticated connections (along with | possible, it is best to prefer authenticated connections (along with | |||
| SASL [RFC4422]), as already stated in the core XMPP specification | SASL [RFC4422]), as already stated in the core XMPP specification | |||
| [RFC6120]. In particular, clients MUST authenticate servers. | [RFC6120]. In particular, clients MUST authenticate servers. | |||
| 4.8. Unauthenticated Connections | 3.8. Unauthenticated Connections | |||
| Given the pervasiveness of passive eavesdropping, even an | Given the pervasiveness of passive eavesdropping, even an | |||
| unauthenticated connection might be better than an unencrypted | unauthenticated connection might be better than an unencrypted | |||
| connection (this is similar to the "better than nothing security" | connection (this is similar to the "better than nothing security" | |||
| approach for IPsec [RFC5386]). In particular, because of current | approach for IPsec [RFC5386]). In particular, because of current | |||
| deployment challenges for authenticated connections between XMPP | deployment challenges for authenticated connections between XMPP | |||
| servers (see [I-D.ietf-xmpp-dna] for details), it might be reasonable | servers (see [I-D.ietf-xmpp-dna] for details), it might be reasonable | |||
| for XMPP server implementations to accept unauthenticated connections | for XMPP server implementations to accept unauthenticated connections | |||
| when the Server Dialback protocol [XEP-0220] is used for weak | when the Server Dialback protocol [XEP-0220] is used for weak | |||
| identity verification; this will at least enable encryption of | identity verification; this will at least enable encryption of | |||
| server-to-server connections. Unauthenticated connections include | server-to-server connections. Unauthenticated connections include | |||
| connections negotiated using anonymous Diffie-Hellman algorithms or | connections negotiated using anonymous Diffie-Hellman algorithms or | |||
| using self-signed certificates, among other scenarios. | using self-signed certificates, among other scenarios. | |||
| 4.9. Server Name Indication | 3.9. Server Name Indication | |||
| Although there is no harm in supporting the TLS Server Name | Although there is no harm in supporting the TLS Server Name | |||
| Indication (SNI) extension [RFC6066], this is not necessary since the | Indication (SNI) extension [RFC6066], this is not necessary since the | |||
| same function is served in XMPP by the 'to' address of the initial | same function is served in XMPP by the 'to' address of the initial | |||
| stream header as explained in Section 4.7.2 of [RFC6120]. | stream header as explained in Section 4.7.2 of [RFC6120]. | |||
| 4.10. Human Factors | 3.10. Human Factors | |||
| It is RECOMMENDED that XMPP clients provide ways for end users (and | It is RECOMMENDED that XMPP clients provide ways for end users (and | |||
| that XMPP servers provide ways for administators) to complete the | that XMPP servers provide ways for administrators) to complete the | |||
| following tasks: | following tasks: | |||
| o Determine if a client-to-server or server-to-server connection is | o Determine if a client-to-server or server-to-server connection is | |||
| encrypted and authenticated. | encrypted and authenticated. | |||
| o Determine the version of TLS used for a client-to-server or | o Determine the version of TLS used for a client-to-server or | |||
| server-to-server connection. | server-to-server connection. | |||
| o Inspect the certificate offered by an XMPP server. | o Inspect the certificate offered by an XMPP server. | |||
| o Determine the cipher suite used to encrypt a connection. | o Determine the cipher suite used to encrypt a connection. | |||
| o Be warned if the certificate changes for a given server. | o Be warned if the certificate changes for a given server. | |||
| 5. Implementation Notes | 4. IANA Considerations | |||
| Some governments enforce legislation prohibiting the export of strong | ||||
| cryptographic technologies. Nothing in this document ought to be | ||||
| taken as advice to violate such prohibitions. | ||||
| 6. IANA Considerations | ||||
| This document requests no actions of the IANA. | This document requests no actions of the IANA. | |||
| 7. Security Considerations | 5. Security Considerations | |||
| As noted in "A Threat Model for Pervasive Passive Surveillance" | The use of TLS can help limit the information available for | |||
| [I-D.trammell-perpass-ppa]), the use of TLS can help limit the | correlation to the network and transport layer headers as opposed to | |||
| information available for correlation to the network and transport | the application layer. As typically deployed, XMPP technologies do | |||
| layer headers as opposed to the application layer. As typically | not leave application-layer routing data (such as XMPP 'to' and | |||
| deployed, XMPP technologies do not leave application-layer routing | 'from' addresses) at rest on intermediate systems, since there is | |||
| data (such as XMPP 'to' and 'from' addresses) at rest on intermediate | only one hop between any two given XMPP servers. As a result, | |||
| systems, since there is only one hop between any two given XMPP | encrypting all hops (sending client to sender's server, sender's | |||
| servers. As a result, encrypting all hops (sending client to | server to recipient's server, recipient's server to recipient's | |||
| sender's server, sender's server to recipient's server, recipient's | client) can help to limit the amount of "metadata" that might leak. | |||
| server to recipient's client) can help to limit the amount of | ||||
| "metadata" that might leak. | ||||
| It is possible that XMPP servers themselves might be compromised. In | It is possible that XMPP servers themselves might be compromised. In | |||
| that case, per-hop encryption would not protect XMPP communications, | that case, per-hop encryption would not protect XMPP communications, | |||
| and even end-to-end encryption of (parts of) XMPP stanza payloads | and even end-to-end encryption of (parts of) XMPP stanza payloads | |||
| would leave addressing information and XMPP roster data in the clear. | would leave addressing information and XMPP roster data in the clear. | |||
| By the same token, it is possible that XMPP clients (or the end-user | By the same token, it is possible that XMPP clients (or the end-user | |||
| devices on which such clients are installed) could also be | devices on which such clients are installed) could also be | |||
| compromised, leaving users utterly at the mercy of an adversary. | compromised, leaving users utterly at the mercy of an adversary. | |||
| This document, along with actions currently being taken to strenthen | This document and related actions to strengthen the security of the | |||
| the security of the XMPP network, do not assume widespread compromise | XMPP network are based on the assumption that XMPP servers and | |||
| of XMPP servers and clients or their underlying operating systems or | clients have not been subject to widespread compromise. If this | |||
| hardware. Thus it is assumed that ubiquitous use of per-hop TLS | assumption is valid, then ubiquitous use of per-hop TLS channel | |||
| channel encryption and more significant deployment of end-to-end | encryption and more significant deployment of end-to-end object | |||
| object encryption technologies will serve to protect XMPP | encryption technologies will serve to protect XMPP communications to | |||
| communications to a measurable degree, compared to the alternatives. | a measurable degree, compared to the alternatives. | |||
| 8. References | 6. References | |||
| 8.1. Normative References | 6.1. Normative References | |||
| [I-D.ietf-uta-tls-bcp] | ||||
| Sheffer, Y., Holz, R., and P. Saint-Andre, | ||||
| "Recommendations for Secure Use of TLS and DTLS", draft- | ||||
| ietf-uta-tls-bcp-02 (work in progress), August 2014. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC | [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC | |||
| 4949, August 2007. | 4949, August 2007. | |||
| [RFC5077] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig, | [RFC5077] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig, | |||
| "Transport Layer Security (TLS) Session Resumption without | "Transport Layer Security (TLS) Session Resumption without | |||
| Server-Side State", RFC 5077, January 2008. | Server-Side State", RFC 5077, January 2008. | |||
| skipping to change at page 6, line 43 | skipping to change at page 6, line 38 | |||
| [RFC6120] Saint-Andre, P., "Extensible Messaging and Presence | [RFC6120] Saint-Andre, P., "Extensible Messaging and Presence | |||
| Protocol (XMPP): Core", RFC 6120, March 2011. | Protocol (XMPP): Core", RFC 6120, March 2011. | |||
| [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and | [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and | |||
| Verification of Domain-Based Application Service Identity | Verification of Domain-Based Application Service Identity | |||
| within Internet Public Key Infrastructure Using X.509 | within Internet Public Key Infrastructure Using X.509 | |||
| (PKIX) Certificates in the Context of Transport Layer | (PKIX) Certificates in the Context of Transport Layer | |||
| Security (TLS)", RFC 6125, March 2011. | Security (TLS)", RFC 6125, March 2011. | |||
| 8.2. Informative References | 6.2. Informative References | |||
| [I-D.ietf-uta-tls-bcp] | ||||
| Sheffer, Y., Holz, R., and P. Saint-Andre, | ||||
| "Recommendations for Secure Use of TLS and DTLS", draft- | ||||
| ietf-uta-tls-bcp-00 (work in progress), March 2014. | ||||
| [I-D.ietf-xmpp-dna] | [I-D.ietf-xmpp-dna] | |||
| Saint-Andre, P. and M. Miller, "Domain Name Associations | Saint-Andre, P. and M. Miller, "Domain Name Associations | |||
| (DNA) in the Extensible Messaging and Presence Protocol | (DNA) in the Extensible Messaging and Presence Protocol | |||
| (XMPP)", draft-ietf-xmpp-dna-05 (work in progress), | (XMPP)", draft-ietf-xmpp-dna-06 (work in progress), June | |||
| February 2014. | 2014. | |||
| [I-D.trammell-perpass-ppa] | ||||
| Trammell, B., Borkmann, D., and C. Huitema, "A Threat | ||||
| Model for Pervasive Passive Surveillance", draft-trammell- | ||||
| perpass-ppa-01 (work in progress), November 2013. | ||||
| [RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence | [RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence | |||
| Protocol (XMPP): Core", RFC 3920, October 2004. | Protocol (XMPP): Core", RFC 3920, October 2004. | |||
| [RFC4422] Melnikov, A. and K. Zeilenga, "Simple Authentication and | [RFC4422] Melnikov, A. and K. Zeilenga, "Simple Authentication and | |||
| Security Layer (SASL)", RFC 4422, June 2006. | Security Layer (SASL)", RFC 4422, June 2006. | |||
| [RFC5386] Williams, N. and M. Richardson, "Better-Than-Nothing | [RFC5386] Williams, N. and M. Richardson, "Better-Than-Nothing | |||
| Security: An Unauthenticated Mode of IPsec", RFC 5386, | Security: An Unauthenticated Mode of IPsec", RFC 5386, | |||
| November 2008. | November 2008. | |||
| skipping to change at page 8, line 5 | skipping to change at page 7, line 32 | |||
| [XEP-0198] | [XEP-0198] | |||
| Karneges, J., Saint-Andre, P., Hildebrand, J., Forno, F., | Karneges, J., Saint-Andre, P., Hildebrand, J., Forno, F., | |||
| Cridland, D., and M. Wild, "Stream Management", XSF XEP | Cridland, D., and M. Wild, "Stream Management", XSF XEP | |||
| 0198, June 2011. | 0198, June 2011. | |||
| [XEP-0220] | [XEP-0220] | |||
| Miller, J., Saint-Andre, P., and P. Hancke, "Server | Miller, J., Saint-Andre, P., and P. Hancke, "Server | |||
| Dialback", XSF XEP 0220, September 2013. | Dialback", XSF XEP 0220, September 2013. | |||
| 8.3. URIs | Appendix A. Implementation Notes | |||
| [1] https://www.ietf.org/mailman/listinfo/xmpp | ||||
| [2] https://www.ietf.org/mailman/listinfo/uta | Some governments enforce legislation prohibiting the export of strong | |||
| cryptographic technologies. Nothing in this document ought to be | ||||
| taken as advice to violate such prohibitions. | ||||
| Appendix A. Acknowledgements | Appendix B. Acknowledgements | |||
| Thanks to the following individuals for their input: Dave Cridland, | Thanks to the following individuals for their input: Dave Cridland, | |||
| Philipp Hancke, Olle Johansson, Steve Kille, Tobias Markmann, Matt | Philipp Hancke, Olle Johansson, Steve Kille, Tobias Markmann, Matt | |||
| Miller, and Rene Treffer. | Miller, and Rene Treffer. | |||
| Authors' Addresses | Authors' Addresses | |||
| Peter Saint-Andre | Peter Saint-Andre | |||
| &yet | &yet | |||
| P.O. Box 787 | ||||
| Parker, CO 80134 | ||||
| USA | ||||
| Email: ietf@stpeter.im | Email: peter@andyet.net | |||
| Thijs Alkemade | Thijs Alkemade | |||
| Email: me@thijsalkema.de | Email: me@thijsalkema.de | |||
| End of changes. 32 change blocks. | ||||
| 100 lines changed or deleted | 77 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||