Addressing burner JID ML feedback

Sam Whited 2016-10-29 12:18:48 -05:00
parent 940f640bca
commit 34fc30b2a9
1 changed files with 44 additions and 25 deletions

@ -8,8 +8,7 @@
<header> <header>
<title>Burner JIDs</title> <title>Burner JIDs</title>
<abstract> <abstract>
A mechanism by which users may request arbitrary anonymizing "burner" JIDs A mechanism by which users may request anonymous, ephemeral "burner" JIDs.
for short term use.
</abstract> </abstract>
&LEGALNOTICE; &LEGALNOTICE;
<number>xxxx</number> <number>xxxx</number>
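Review bot: the new abstract's "anonymous, ephemeral" overstates what the introduction hunk below promises, where a burner JID is only anonymous to third parties and may be locally authenticated; "ephemeral 'burner' JIDs that are anonymous to third parties" would keep the abstract and the introduction consistent.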
@ -19,6 +18,7 @@
<approver>Council</approver> <approver>Council</approver>
<dependencies> <dependencies>
<spec>XMPP Core</spec> <spec>XMPP Core</spec>
<spec>RFC 4422</spec>
</dependencies> </dependencies>
<supersedes/> <supersedes/>
<supersededby/> <supersededby/>
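Review bot: adding `<spec>RFC 4422</spec>` is right for the new &rfc4422; citation, but the same commit also cites &nistfips198-1; (HMAC) and &xep0300; (hash recommendations) as the basis for verifying burner JIDs, and neither is listed here; add both to `<dependencies>` so the normative references match the text.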
@ -38,16 +38,16 @@
Traditionally this is accomplished using SASL authentication and the Traditionally this is accomplished using SASL authentication and the
ANONYMOUS mechanism as detailed in &xep0175;, however, ANONYMOUS auth ANONYMOUS mechanism as detailed in &xep0175;, however, ANONYMOUS auth
provides no mechanism for changing identities (requesting a new JID) without provides no mechanism for changing identities (requesting a new JID) without
creating a new session, and server operators may not wish to allow anonymous creating a new session, nor does it provide authentication of users.
authentication to prevent abuse.
</p> </p>
<p> <p>
This specification solves these problems by decoupling anonymous identity This specification solves these problems by decoupling anonymous identity
management from authentication. management from authentication.
This allows logged in users (anonymous or otherwise at the server operators This allows logged in users (authenticated or anonymous at the server
disgression) to request a new temporary identifier, a "burner" JID, which operators disgression) to request a new temporary identifier, a "burner"
may be used by its owner in any context where they would normally use their JID, which may be used by its owner to construct a new session with the
persistent primary JID. server that is anonymous to third parties but is (optionally) locally
authenticated.
</p> </p>
</section1> </section1>
<section1 topic='Glossary' anchor='glossary'> <section1 topic='Glossary' anchor='glossary'>
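Review bot: "disgression" (retained from the old text) should be "discretion", and "server operators disgression" should read "the server operator's discretion"; "logged in users" is better hyphenated as "logged-in users". The substantive rewrite of this paragraph, dropping the claim that operators may forbid anonymous auth in favour of "nor does it provide authentication of users", is clearer and matches the new abstract.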
@ -56,15 +56,14 @@
<dt>Burner JID</dt> <dt>Burner JID</dt>
<dd> <dd>
A temporary JID that is not valid for the purpose of authentication but A temporary JID that is not valid for the purpose of authentication but
which may be used in place of the authentication identity in a which may be authorized by an existing pre-authenticated session.
pre-authenticated session.
</dd> </dd>
</di> </di>
<di> <di>
<dt>Ephemeral identity</dt> <dt>Ephemeral identity</dt>
<dd> <dd>
The identity of a user on the server comprising a shared secret and any The identity of a user on the server comprising a burner JID and any
associated burner JIDs or other stored information about the user. other associated data.
</dd> </dd>
</di> </di>
<di> <di>
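Review bot: "which may be authorized by an existing pre-authenticated session" reads backwards: it is the session that is authorized to use the burner JID, not the JID that is authorized by the session. Suggest "which an existing authenticated session may be authorized to use", which also lines up with the authorization-identity wording introduced later in this commit.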
@ -118,10 +117,21 @@
type='result'> type='result'>
<identity xmlns='urn:xmpp:burner:0'> <identity xmlns='urn:xmpp:burner:0'>
<jid> <jid>
hfgnINTSA-ciCLz6NhTtCD5Jr0k:1477672278884j@example.net/4db06f06-1ea4-11dc-aca3-000bcd821bfb hfgnINTSA-ciCLz6NhTtCD5Jr0k:1477672278884j@example.net
</jid> </jid>
</identity> </identity>
</iq>]]></example> </iq>]]></example>
<p>
The burner JID MUST be a bare JID.
Burner JIDs are not valid for the purpose of authentication, but may be
authorized to perform actions.
To use the burner JID the client then attempts to establish a new session
with the server using the account that requested the burner JID as the
authentication identity and the burner JID as the authorization identity as
defined in &rfc4422; &sect;2. If the server does not support SASL, or does
not support any SASL mechanisms that support authorization identities,
burner JIDs cannot be used.
</p>
</section1> </section1>
<section1 topic='Determining Support' anchor='support'> <section1 topic='Determining Support' anchor='support'>
<p> <p>
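Review bot: the example burner JID still contains a colon in its localpart (`hfgnINTSA-ciCLz6NhTtCD5Jr0k:1477672278884j@example.net`), and `:` is one of the characters RFC 6122 and RFC 7622 forbid in a localpart, so the example is not a valid JID; use a permitted separator (for instance `.` or `-`) or a single base64url token. Two points on the new paragraph: it describes how the client presents the burner JID as the SASL authorization identity but never says what the server does when the authzid was not issued to the authenticating account; add that the server MUST verify the binding and otherwise fail authentication with the `<invalid-authzid/>` condition from RFC 6120 §6.5.6. Also, "If the server does not support SASL" is a dead case since RFC 6120 requires SASL; the only real limitation is a mechanism without authzid support, and the sentence could be reduced to that.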
@ -147,13 +157,18 @@
<p> <p>
It may be impractical to store verification information for every burner JID It may be impractical to store verification information for every burner JID
issued by the system. issued by the system.
To this end it is RECOMMENDED that the localpart of a burner JID be an To this end servers that implement this specification may choose to encode
HMAC-SHA-256 which includes the users JID or another unique identifier, an information into the localpart of issued burner JIDs which can be verified
expiration or issued time for the burner JID if appropriate, TLS channel when a user attempts to authorize a new session to use the burner JID.
binding information, session information, or any other data the server If an implementation chooses to do this it is RECOMMENDED that an
wishes to verify. &nistfips198-1; be used.
This HMAC MAY include the JID of the associated authentication identity, an
expiration or issued time for the burner JID, session information, TLS
channel binding data, or any other information the server wishes to verify.
The format of this key or its input values is left as an implementation The format of this key or its input values is left as an implementation
decision. decision.
</p>
<p>
As with persistent JIDs, the client MUST NOT assign any meaning to the As with persistent JIDs, the client MUST NOT assign any meaning to the
localpart or resourcepart of a burner JID. localpart or resourcepart of a burner JID.
</p> </p>
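Review bot: the retained sentence "localpart or resourcepart of a burner JID" now conflicts with the new "The burner JID MUST be a bare JID" in the previous hunk; drop "or resourcepart". In the rewritten paragraph, "may choose to encode" should be the RFC 2119 keyword "MAY" if it is meant to be normative, as the "RECOMMENDED" two sentences later is. The HMAC construction is only as strong as the secrecy of its key, yet the key is never mentioned; a sentence that the key MUST be a server-side secret (and what happens to outstanding burner JIDs when it is rotated) belongs here or in Security Considerations. Finally, a localpart is limited to 1023 bytes (RFC 7622 §3.3), which bounds how much of the listed data (JID, timestamps, session and channel-binding information) can actually be encoded in a verifiable form.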
@ -161,12 +176,8 @@
<section1 topic='Security Considerations' anchor='security'> <section1 topic='Security Considerations' anchor='security'>
<p> <p>
To prevent burner JIDs from being abused for spamming, implementations To prevent burner JIDs from being abused for spamming, implementations
SHOULD rate limit all burner JIDs in use by a given authentication identity SHOULD rate limit all burner JIDs in use by an authentication identity as a
as a single unit. single unit.
</p>
<p>
When a users session ends it is RECOMMENDED that any ephemeral identities
associated with their session be purged.
</p> </p>
<p> <p>
If TLS channel binding information is encoded in the burner JID it is If TLS channel binding information is encoded in the burner JID it is
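Review bot: with the "purge ephemeral identities when the session ends" recommendation removed, nothing in the document now bounds the lifetime of a burner JID. Since the previous hunk allows an expiration or issued time to be encoded in the localpart, state here that a server MUST reject an expired burner JID when it is presented as an authorization identity; otherwise a "burner" JID can be reused indefinitely.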
@ -177,6 +188,11 @@
resumption does not include enough context to successfully verify the resumption does not include enough context to successfully verify the
binding. binding.
</p> </p>
<p>
Implementations that choose to encode information in the localpart of burner
JIDs should take care when choosing a hash function.
For current recommendations see &xep0300;.
</p>
</section1> </section1>
<section1 topic='IANA Considerations' anchor='iana'> <section1 topic='IANA Considerations' anchor='iana'>
<p>This docment requires no interaction with the &IANA;.</p> <p>This docment requires no interaction with the &IANA;.</p>
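Review bot: "should take care" should be the normative "SHOULD" to match the register of the surrounding Security Considerations. The unchanged context line below still has the typo "docment" for "document"; worth fixing while touching this section.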
@ -197,7 +213,7 @@
<type> <type>
<name>ephemeral</name> <name>ephemeral</name>
<desc> <desc>
An authorization service that provides ephemeral "burner" identities. An authorization service that provides ephemeral identities.
</desc> </desc>
<doc>XEP-XXXX</doc> <doc>XEP-XXXX</doc>
</type> </type>
@ -226,4 +242,7 @@
<section1 topic='XML Schema' anchor='schema'> <section1 topic='XML Schema' anchor='schema'>
<p>TODO.</p> <p>TODO.</p>
</section1> </section1>
<section1 topic='Acknowledgements' anchor='ack'>
<p>The author wishes to thank Philipp Hancke for his feedback.</p>
</section1>
</xep> </xep>