From 002637c3092c737180e0da5d15f84d013541dc7e Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Wed, 20 May 2020 21:42:13 +0200 Subject: [PATCH] Add SASL Channel-Binding ProtoXEP to inbox/ --- inbox/xep-sasl-cb-types.xml | 118 ++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 inbox/xep-sasl-cb-types.xml diff --git a/inbox/xep-sasl-cb-types.xml b/inbox/xep-sasl-cb-types.xml new file mode 100644 index 00000000..51b22104 --- /dev/null +++ b/inbox/xep-sasl-cb-types.xml @@ -0,0 +1,118 @@ + +RFC 5056 RFC 5056: On the Use of Channel Bindings to Secure Channels <http://tools.ietf.org/html/rfc5056>." > + IANA Channel-Binding Types Registry IANA Channel-Binding Types Registry <https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml>." > + +%ents; +]> + + +
+ SASL Channel-Binding Type Capability + This specification allows servers to annouce their supported SASL channel-binding types to clients. + &LEGALNOTICE; + xxxx + ProtoXEP + Standards Track + Standards + Council + + XMPP Core + + + + sasl-cb-types + &flow; + + 0.0.1 + 2020-05-20 + fs +

First draft.

 + +
+ + +

SASL channel-binding is a technique to increase the security of + connections (&rfc5056;). Unfortunately, the SASL profile specified + in &rfc6120; lacks a method for the server to announce its supported + channel-binding types. This hinders the adoption of channel-binding, + especially since the error protocol to execute after a client + requested a channel-binding type unsupported by the server is + basically unspecified.

+ +

The extension defined herein fills the gap left by &rfc6120;, by + allowing the server the announce its supported channel-binding + types.

+ + + + + +

This protocol consists of a single optional extension element + named 'sasl-channel-binding' qualified by the 'urn:xmpp:sasl-cb:0' + namespace. The 'sasl-channel-binding' element MUST contain one or + more 'channel-binding' elements, of which each MUST have an + attribute with the name 'type'. The value of the 'type' attribute + SHOULD be the "Channel-binding unique prefix" of a channel-binding + type which was registered with the &iana-cb-types;.

+ +

A server declares that it supports particular channel-binding + types by listing the supported types via the 'sasl-channel-binding' + element defined herein. The 'sasl-channel-binding' element could + appear as child element to the SASL <mechanisms/> + stream-feature element, qualified by the + 'urn:ietf:params:xml:ns:xmpp-sasl' namespace, as specified in + &rfc6120;. Another potential appearance of + <sasl-channel-binding> is as child element of the + <mechanisms/> stream-feature element as specified in the + &xep0388;.

+ + + + EXTERNAL + SCRAM-SHA-1-PLUS + PLAIN + + + + + +]]> + + + + + +

The author belives that this document itself does not yield any + new security considerations.Hopefully somebody will correct him, in + case he is wrong.

+ + + + + +

This document requires no interaction with &IANA;.

+ + + + + +

This document requires no interaction with the XMPP registrar.

+ + + + + +

TODO: Add if the XEP is scheduled for the state after 'experimental'.

+ + + + + +

Thanks to Sam Whited for the discussion about the underlying + issue and incentivizing me to come up with this extension.

+ + + +