<remark>Per a vote of the Jabber Council, advanced status to Active.</remark>
</revision>
</header>
<section1topic='Introduction'>
<p>&rfc3514;, published just today (2003-04-01), defines a mechanism for specifying the "evil bit" in IPv4 in order to determine if a packet was sent with malicious intent. In Section 5 ("Related Work") of that RFC, reference is made to complementary mechanisms for other forms of evil such as IPv6 support and the application/evil MIME type. Because the &JSF; desires to maintain compliance with protocols developed by core Internet standards bodies, the current document defines a complementary mechanism for Jabber support of evil.</p>
</section1>
<section1topic='Requirements and Approach'>
<p>There are three basic Jabber stanza types that may be sent within XML streams:</p>
<ul>
<li><message/> -- a "push" medium for sending information to other entities.</li>
<li><presence/> -- a "broadcast" medium for publishing information to entities that have subscribed to an entity's availability status.</li>
<li><iq/> -- a "request-response" medium for executing basic but structured transactions with other entities.</li>
</ul>
<p>Any one of the foregoing data elements can be used with malicious intent. Therefore a generalized mechanism is needed. Because XML namespaces are used within Jabber to properly scope data, this document proposes a new namespace ('http://jabber.org/protocol/evil') to implement the desired functionality.</p>
</section1>
<section1topic='Use Cases'>
<section2topic='Evil Messages'>
<p>If a Jabber entity sends an evil message, it MUST include an appropriately namespaced extension in the message stanza:</p>
<p>Because the 'http://jabber.org/protocol/evil' namespace flags an XML stanza as malicious, it is critically important that an entity appropriately process an XML stanza that contains the evil extension. Mission-critical applications SHOULD ignore any stanzas tagged with the evil extension. Evil servers MAY pass through evil stanzas unmodified. Really evil servers MAY silently delete the evil extension. Jabber entities that are evil to the core SHOULD support channel-level evil as defined in RFC 3514, since this document defines per-stanza evil only.</p>