One Small Voice: The Journal of Peter Saint-Andre

RFC 7711 and RFC 7712: POSH and DNA


Today the IETF published two intertwined specifications that I've co-authored with a few folks in the XMPP community: RFC 7711 and RFC 7712.

RFC 7711 - PKIX over Secure HTTP or "POSH" - defines a way to retrieve digital certificates for application servers over HTTPS, essentially as an alternative method for bootstrapping trust in cases where it's not feasible for a service provider to obtain the proper certificates through a certification authority (CA). Once upon a time I wrote a humorous POSH-ian Play to explain the need for this protocol; some people remain unconvinced but they don't have to operate XMPP services in multi-tenanted environments.
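As an added illustration of the POSH check described above (example code written for this page, not code from the RFC or from any XMPP implementation): a client that wants to verify the certificate a server presents builds the well-known URI, fetches the JSON document, and compares a digest of the server's DER-encoded certificate against the document's fingerprint list. The fetch itself is left out so the example runs offline; the domain, certificate bytes and POSH document are constructed stand-ins.

```python
import base64
import hashlib
import hmac
import json

# Hash algorithms a POSH fingerprint object may use (RFC 7711), mapped to hashlib.
POSH_HASHES = {"sha-256": hashlib.sha256, "sha-512": hashlib.sha512}


def posh_url(domain: str, service: str) -> str:
    """Well-known URI from which the POSH document for a service is fetched (RFC 7711)."""
    return f"https://{domain}/.well-known/posh/{service}.json"


def cert_fingerprints(der_cert: bytes) -> dict:
    """Digests of the DER-encoded certificate, in the form a POSH fingerprint object uses."""
    return {name: base64.b64encode(fn(der_cert).digest()).decode("ascii")
            for name, fn in POSH_HASHES.items()}


def posh_matches(posh_json: str, der_cert: bytes, age_seconds: int = 0) -> bool:
    """True if the certificate matches a fingerprint in a POSH verification document.

    age_seconds is how long ago the document was retrieved; a document older than
    its "expires" value must be re-fetched rather than trusted. The redirect form
    (a document carrying "url" instead of "fingerprints") points at another POSH
    document; following it is left to the caller, so it is treated as no match here.
    """
    try:
        doc = json.loads(posh_json)
    except ValueError:
        return False
    if not isinstance(doc, dict) or "fingerprints" not in doc:
        return False
    expires = doc.get("expires")
    if not isinstance(expires, int) or expires < 0 or age_seconds > expires:
        return False
    presented = cert_fingerprints(der_cert)
    for entry in doc["fingerprints"]:
        if not isinstance(entry, dict):
            continue
        for alg, value in entry.items():
            # Constant-time compare: the digest is not secret, but it costs nothing.
            if alg in presented and isinstance(value, str) \
                    and hmac.compare_digest(presented[alg], value):
                return True
    return False


# Constructed stand-in for a DER-encoded end-entity certificate; a real client
# would use the leaf certificate received in the TLS handshake.
SAMPLE_CERT = b"\x30\x82\x01\x00" + b"example-server-certificate-bytes"

# Constructed POSH document, as the hypothetical domain example.net might publish
# at its xmpp-server well-known URI; the sha-256 entry is derived from SAMPLE_CERT.
SAMPLE_DOC = json.dumps({
    "fingerprints": [{"sha-256": cert_fingerprints(SAMPLE_CERT)["sha-256"]}],
    "expires": 604800,
})

if __name__ == "__main__":
    print(posh_url("example.net", "xmpp-server"))
    print(posh_matches(SAMPLE_DOC, SAMPLE_CERT))                      # True
    print(posh_matches(SAMPLE_DOC, SAMPLE_CERT + b"\x00"))            # False: different cert
    print(posh_matches(SAMPLE_DOC, SAMPLE_CERT, age_seconds=10 ** 7)) # False: document expired
```

The point a practitioner should take from this is that the document is fetched from the XMPP service's own domain over HTTPS, so the trust being bootstrapped still rests on the web certificate of that domain; POSH moves the hard-to-obtain certificate from the (possibly multi-tenanted) XMPP host to the service domain's web server, it does not remove the need for a trusted HTTPS connection.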

RFC 7712 - Domain Name Associations ("DNA") in XMPP - formalizes the methods for checking the association between a domain name and an XML stream in XMPP, which is necessary for proper security. Traditionally we've relied on CA-issued digital certificates to establish such associations, but now that we have DNSSEC/DANE (see RFC 7673) and POSH, two more methods can be used, thus expanding our toolkit for XMPP security.

Thanks to Matt Miller and Philipp Hancke for working with me on these specs!



With just over a year until the election of the 44th person who will preside over the affairs of the U.S. government, we have entered again the silly season of American politics. Although I pay as little attention to this circus as possible, at times it can be hard to ignore. Yet it is eminently worth ignoring, despite all the forces and voices that hector me from all sides. First, my vote (if I even cast one) has no bearing on the outcome. Second, democracy in America is actually an oligarchy, as all elective democracies are (there's a good reason why the ancient Greeks favored sortition over election as a method for choosing those who would exercise power). Third, the purpose of our modern two-party state is for the elites to divide and conquer the people through a particularly insidious application of in-group/out-group psychology. Fourth, just about everything in life - friends, family, work, community, science, technology, the arts, the environment, ideas, values, the conduct of life - is more important than mere politics, and it's always best to focus on what is more important at the expense of what is less important.

Some would say I am apolitical. No, I am actively anti-political. I have come to the conclusion that electoral politics is, by its very nature, a deeply corrupting influence on the soul of the individual and the course of society. Even though as one small voice there is very little I can do to counter that influence, the fact that I am effectively powerless will not stop me from expressing my utter disdain for the oligarchy that rules us and the political methods they wield to divide the people and cling to power.

Minerval Arts


More and more I am struck by an essential similarity in the aims of various philosophies and religions: through reason and reflection to place some distance between impulse and action. These schools have different techniques, but there is a family resemblance among them; they are like an intellectual analogue of the martial arts (the arts of Mars, the Roman god of war - we could say that philosophies are the arts of Minerva, goddess of wisdom). Just as someone who has earned a black belt in, say, aikido starts over as a white belt in jiu-jitsu, so a master of, say, Taoism would start over as a beginner in Stoicism. My lifelong philosophy project is in large measure an exploration of the methods that six secular thinkers (Rand, Nietzsche, Aristotle, Thoreau, Epicurus, and Lao Tzu) have devised to help individuals achieve the goals of self-discipline and self-mastery. Unfortunately, we have lost the ancient conception of philosophy as the love and practice of wisdom. Thus (with the possible exception of Taoism) we don't have schools, communities, and traditions of the minerval arts, in which their lessons are passed down, shared, and applied among friends and associates who share a common outlook on life. This lack of historical continuity with the original meaning of philosophy makes it even harder than it already is to live a life of continual self-examination and self-improvement. Hopefully I'm doing my share to make that great task a bit easier...



Traditionally, connections to Internet services such as websites are secured using SSL/TLS with digital certificates issued by third-party certification authorities. Because this dependency on CAs isn't always a good thing (can you say Diginotar?), some smart folks at the IETF built atop DNSSEC and designed DANE as a way for application service providers to specify their own keying material. This works just fine for protocols like HTTP in which a client looks up a server "directly" using DNS A or AAAA records. However, it doesn't work for protocols like IMAP or XMPP in which a client uses DNS SRV records to find the server to which it will ultimately connect. Because we care about this scenario in the Jabber/XMPP community, Matt Miller and I volunteered to help Tony Finch finish his initial work to fill this gap. The resulting document was published today as RFC 7673. Security FTW!
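To make the SRV gap concrete, here is an added example (written for this page, not code from RFC 7673 or from any resolver or XMPP library) of the decision a client makes after an SRV lookup: DANE is only usable when the SRV answer itself was DNSSEC-validated, the TLSA record lives under the SRV target's name and port (not under the service domain), and a secure but non-matching TLSA set means the connection must be refused rather than quietly falling back to PKIX. The DNS answers, certificate and SubjectPublicKeyInfo bytes are constructed; only the DANE-EE usage is implemented, since the other usages need certificate chain building.

```python
import hashlib
import hmac

# TLSA field values (RFC 6698) handled here. Usage 3 (DANE-EE) authenticates the
# end-entity certificate itself, so no CA chain is needed; usages 0-2 are skipped.
DANE_EE = 3
SELECTOR_CERT, SELECTOR_SPKI = 0, 1
MATCH_EXACT, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2


def tlsa_name(target: str, port: int, proto: str = "tcp") -> str:
    """TLSA owner name for the SRV target host and port (RFC 6698 naming, as RFC 7673 uses it)."""
    return f"_{port}._{proto}.{target}"


def tlsa_matches(record: dict, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare one DANE-EE TLSA record against the presented end-entity certificate."""
    if record["usage"] != DANE_EE:
        return False
    if record["selector"] == SELECTOR_CERT:
        data = cert_der
    elif record["selector"] == SELECTOR_SPKI:
        data = spki_der
    else:
        return False
    if record["matching"] == MATCH_EXACT:
        digest = data
    elif record["matching"] == MATCH_SHA256:
        digest = hashlib.sha256(data).digest()
    elif record["matching"] == MATCH_SHA512:
        digest = hashlib.sha512(data).digest()
    else:
        return False
    return hmac.compare_digest(digest, record["data"])


def dane_srv_verify(srv_answer: dict, tlsa_answers: dict, cert_der: bytes, spki_der: bytes) -> str:
    """Decide how to authenticate the server found via SRV, following RFC 7673.

    Returns "dane-ok" when a secure TLSA record matches the certificate,
    "dane-fail" when secure TLSA records exist but none match (abort the connection),
    and "no-dane" when DANE does not apply and the client falls back to PKIX or POSH.
    An answer that failed DNSSEC validation (bogus) never reaches this function; a
    validating resolver returns SERVFAIL for it and the client must not connect.
    """
    if not srv_answer.get("secure"):
        return "no-dane"  # insecure SRV: the target name itself could have been forged
    name = tlsa_name(srv_answer["target"], srv_answer["port"])
    tlsa = tlsa_answers.get(name)
    if tlsa is None or not tlsa["secure"] or not tlsa["records"]:
        return "no-dane"  # no secure, non-empty TLSA RRset for this target
    for rec in tlsa["records"]:
        if tlsa_matches(rec, cert_der, spki_der):
            return "dane-ok"
    return "dane-fail"


# Constructed stand-ins for the server's DER certificate and its SubjectPublicKeyInfo.
SAMPLE_CERT = b"\x30\x82\x02\x00" + b"constructed-certificate-bytes"
SAMPLE_SPKI = b"\x30\x59" + b"constructed-subject-public-key-info"

# Constructed answers for the hypothetical service domain example.com, whose SRV
# record _xmpp-server._tcp.example.com points at a host run by a hosting provider.
SRV_SECURE = {"secure": True, "target": "xmpp1.hosting.example", "port": 5269}
SRV_INSECURE = dict(SRV_SECURE, secure=False)
TLSA_ZONE = {
    "_5269._tcp.xmpp1.hosting.example": {
        "secure": True,
        "records": [{"usage": DANE_EE, "selector": SELECTOR_SPKI, "matching": MATCH_SHA256,
                     "data": hashlib.sha256(SAMPLE_SPKI).digest()}],
    },
}

if __name__ == "__main__":
    print(dane_srv_verify(SRV_SECURE, TLSA_ZONE, SAMPLE_CERT, SAMPLE_SPKI))    # dane-ok
    print(dane_srv_verify(SRV_INSECURE, TLSA_ZONE, SAMPLE_CERT, SAMPLE_SPKI))  # no-dane
    print(dane_srv_verify(SRV_SECURE, TLSA_ZONE, SAMPLE_CERT, b"other-key"))   # dane-fail
```

Note where the TLSA record is published: under the hosting provider's target name, which is exactly what lets a provider serving many XMPP domains manage one key per host, and also why the SRV answer that names that host has to be signed.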

RFC 7649: The Jabber Scribe Role at IETF Meetings


During its thrice-yearly meetings, the Internet Engineering Task Force makes fairly heavy use of chatrooms powered by Jabber/XMPP technologies (which only makes sense because XMPP was standardized by the IETF). These chatrooms are used mainly as a way for remote participants to send comments to the physical meeting room. Thus arises the need for what we call "Jabber scribes" - folks at the meeting who volunteer to relay comments from the chatroom at the microphone and otherwise help to improve the experience for remote participants. Those who volunteer for this role often wonder if there are some guidelines they can follow, so Dan York and I have helpfully obliged by writing RFC 7649. Happy scribing!

Economic Autarky at Walden Pond


Readers of Thoreau's Walden might be forgiven for thinking that his experiment in living was one of economic autarky. The way he describes things in the section on "Economy" certainly gives that impression. For instance, after detailing his expenses, he states that "my whole income from the farm was $23.44".

Yet in a journal entry from October 4, 1857, he notes that "while I lived in the woods I did various jobs about the town - some fence-building, painting, gardening, carpentering, etc., etc." He then describes some of these odd jobs and says that he charged only a dollar a day (earning at least $9 just from the two masonry and fence-building jobs he happens to mention in this journal entry - apparently there were many more). Thus Thoreau was perhaps more of a freelancer than the hermit he's commonly made out to be, even during the mere two years that he lived at Walden Pond in relative isolation.
