The IESG has approved the following document: - 'Domain Name Associations (DNA) in the Extensible Messaging and Presence Protocol (XMPP)' (draft-ietf-xmpp-dna-11.txt) as Proposed Standard This document is the product of the Extensible Messaging and Presence Protocol Working Group. The IESG contact persons are Barry Leiba, Ben Campbell and Alissa Cooper. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-xmpp-dna/ Technical Summary This document defines the XMPP Domain Name Association (DNA) framework. The abstract states the document does two things to improve security in XMPP: "First, it specifies how to establish a strong association between a domain name and an XML stream, using the concept of "prooftypes". Second, it describes how to securely delegate a service domain name (e.g., example.com) to a target server host name (e.g., hosting.example.net) [...]" Overall, the document establishes a framework for server authentication mechanisms, known as "prooftypes", by which servers can provide multiple forms of proof of their identity to both clients and other peer servers. Working Group Summary The Working Group believes the document is ready to be used as the base framework, and indeed is already so used by draft-ietf-xmpp-posh. On that basis it is requested to be published as a Standards Track document at "Proposed Standard". Document Quality The majority of reviews concentrated on two areas: a) Avoiding the considerable overlap between this document and several others, including RFC 6120, RFC 6125, XEP-0220, XEP-0288 and XEP-0344. b) Correcting errors within the (highly complex) area of server to server authentication. It should be noted that much of the document is simply describing the state of the art with respect to server to server authentication, which is spread over several documents, and noting the points where authentication and authorization decisions are required. The chairs believe that consensus has been reached for the document to be published. As this document essentially distils the somewhat scattered specification and knowledge of S2S auth, it would be fair to say it has high implementation already, however multiple implementations have adopted the model described in this document as the basis for work underway for DANE, POSH and other prooftypes. Personnel The Document Shepherd is Dave Cridland. The responsible Area Director is Ben Campbell.
