From 35ab60cdc0a1432014539637d00c26fbd54d7535 Mon Sep 17 00:00:00 2001 From: Peter Saint-Andre Date: Wed, 13 Dec 2006 23:16:18 +0000 Subject: [PATCH] 0.13pre1 git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@272 4b5297f7-1745-476d-ba37-a9c6900126ab --- xep-0136.xml | 273 +++++++++++++++++++++++++++++---------------------- 1 file changed, 153 insertions(+), 120 deletions(-) diff --git a/xep-0136.xml b/xep-0136.xml index ddc5e88e..79497aa3 100644 --- a/xep-0136.xml +++ b/xep-0136.xml @@ -37,6 +37,12 @@ &stpeter; &infiniti; + + 0.13 + 2006-12-13 + psa/ip +

Clarified chat session negotiation of OTR settings; defined stream feature.

 + 0.12 2006-11-23 @@ -111,7 +117,7 @@ -

Many XMPP clients implement some form of client-side message archiving. However, it is not always convenient or even possible to archive messages locally, e.g., because it is easier to keep all archives in one universally accessable place (not scattered around on multiple computers or devices) or because the client operates in a web browser or resides on a mobile device that does not have sufficient local storage for message archiving. In addition, server-side archiving makes it possible to offer new services such as integration of IM and email. Therefore it is beneficial to define methods for server-side archiving of XMPP messages.

+

Many XMPP clients implement some form of client-side message archiving. However, it is not always convenient or even possible to archive messages locally, e.g., because it is easier to keep all archives in one universally accessible place (not scattered around on multiple computers or devices) or because the client operates in a web browser or resides on a mobile device that does not have sufficient local storage for message archiving. In addition, server-side archiving makes it possible to offer new services such as integration of IM and email. Therefore it is beneficial to define methods for server-side archiving of XMPP messages.

There are two main approaches to this problem:

  1. Enable the client to send individual messages or entire conversations to the server for archiving (optionally after encryption); we call this manual archiving.
    2. @@ -128,17 +134,17 @@ ]]> -

    For each feature defined herein, if the server supports that feature it MUST return a <feature/> element with the 'var' attribute set to 'urn:xmpp:archive#name', where 'name' is 'auto' for the Automated Archiving feature, 'encrypt' for the server-side encryption feature (see Automated Archiving), 'manage' for the Archive Management feature, 'manual' for the Manual Archiving feature, or 'pref' for the Archiving Preferences feature.

    +

    For each feature defined herein, if the server supports that feature it MUST return a <feature/> element with the 'var' attribute set to 'http://www.xmpp.org/extensions/xep-0136.html#ns-name', where 'name' is 'auto' for the Automated Archiving feature, 'encrypt' for the server-side encryption feature (see Automated Archiving), 'manage' for the Archive Management feature, 'manual' for the Manual Archiving feature, and 'pref' for the Archiving Preferences feature.

    ... - - - - - + + + + + ... @@ -160,7 +166,7 @@

    In order to determine its user's current Save Mode(s) and OTR Mode(s), a client sends an empty <pref/> element to its server:

    - + ]]>

    The server responds with the default Save Mode and OTR Mode (a single <default/> element) and any specific Save Modes and OTR Modes for individual contacts (zero or more <item/> elements).

    @@ -173,7 +179,7 @@

    The server MUST also include an <auto/> element reflecting the current Automated Archiving settings for this stream.

    - + @@ -187,7 +193,7 @@

    If the user has never set the default Modes, the 'save' and 'otr' attributes SHOULD specify the server's default settings, and the 'unset' attribute SHOULD be set to 'true'. Note: The 'unset' attribute defaults to 'false'.

    - + @@ -202,7 +208,7 @@

    A client may set the default Modes:

    - + @@ -214,13 +220,13 @@

    The server then MUST inform all of the user's connected resources that have previously requested the user's archiving preferences:

    - + - + @@ -235,7 +241,7 @@

    A client may use a similar protocol to set the Modes for a particular contact or domain of contacts (bare JID, full JID or domain). Note: It is STRONGLY RECOMMENDED for the value of the 'jid' attribute to be a bare JID (&BAREJID;).

    - + @@ -245,13 +251,13 @@ ]]> - + - + @@ -261,7 +267,7 @@ - + @@ -273,7 +279,7 @@ ]]> - + @@ -281,7 +287,7 @@ - + @@ -294,94 +300,101 @@

    A user will sometimes exchange messages with contacts who prefer that their conversations are not archived by either party.

    Any client that archives messages SHOULD support Chat Session Negotiation and its 'otr' field both to give other contacts the opportunity to indicate this preference, and to negotiate an "Off The Record" (OTR) policy that complies with its user's own Archiving Preferences.

    -

    Note: A client MUST NOT propose or agree to enable OTR unless it has confirmed that its server will allow it to switch off Automated Archiving.

    - +

    Note: A client MUST NOT propose or agree to enable OTR (i.e., disallow message logging) unless it has confirmed that its server will allow it to switch off Automated Archiving.

    +

    Both parties to a chat session negotiation may have OTR preferences (i.e, the initiating party or "user" and the responding party or "contact"). These preferences will interact in the ways specified below, resulting either in a successful negotiation or an unsuccessful negotiation (naturally, an unsuccessful negotiation can lead to a subsequent negotiation attempt by the user or the contact).

    +

    The following table shows what chat session negotiation values the initating party (i.e., the "user") should send for the 'otr' field in the initial data form for a chat session negotiation (note: 'may' means that the receiving party MAY enable message logging and 'mustnot' means that the receiving party MUST NOT enable logging).

    +
    - - + + - + - + - + - + - + - +
    OTR Archive PreferenceOffered options*User's OTR PreferenceOffering 'otr' Negotiation Option(s)*
    requiretrue***may**
    prefertrue,falsemay,mustnot
    approvetrue,falsemay,mustnot
    concedefalse,true**mustnot,may***
    opposefalse,true**mustnot,may***
    forbidfalse**mustnot***

    * In order of preference, the first value is the default

    -

    ** Alternatively, the client MAY decide not to initiate an OTR negotiation and to save messages (until the contact initiates a negotiation).

    -

    *** If the client receives no response it MUST NOT send any messages to the contact.

    -

    Note: When negotiating a chat session the client MUST include the <required/> element inside the 'otr' <field/> element. If the client receives no successful response to its chat negotiation request (and if the OTR Mode is not 'require') then it SHOULD proceed as if the contact had responded with the value of the 'otr' <field/> element set to 'false'.

    - +

    ** If the user receives no response it MUST NOT send any messages to the contact.

    +

    *** Alternatively, the user MAY decide not to initiate an OTR negotiation and to save messages (until the contact initiates a negotiation).

    +

    Note: When negotiating a chat session, the user MUST include the <required/> element inside the 'otr' <field/> element. If the user does not receive a successful response to its chat negotiation request (and if the OTR Mode is not 'require'), then it SHOULD proceed as if the contact had responded with the value of the 'otr' <field/> element set to 'false'.

    +

    The following table shows what chat session negotiation values the responding party (i.e., "contact") should send for the 'otr' field in its response to a chat session negotiation request from the user.

    +
    - - - - - + + + + + + + + + - - - + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - + + +
    OTR Archive Preferencetruetrue,false*false,true*falseContact's OTR PreferenceResponding 'otr' Negotiation Values*
    Initiator Options -->maymay,mustnot*mustnot,may*mustnot
    requiretruetruetruemaymaymay fail**
    prefertruetruetruefalsemaymaymaymustnot
    approvetruetruefalsefalsemaymaymustnotmustnot
    concedetruetruefalsefalsemaymaymustnotmustnot
    opposetruefalsefalsefalsemaymustnotmustnotmustnot
    forbid fail**falsefalsefalsemustnotmustnotmustnot

    * The first value is the default.

    -

    ** The client MUST NOT send any messages to the contact.

    +

    ** The negotiation fails and the parties MUST NOT exchange any messages; however, the recipient MAY attempt to initiate a chat session negotiation with the other party.

    Note: If a contact does not include an 'otr' field in its initial Chat Session Negotiation request, and a user's Archiving Preferences indicate that OTR is required, then the client MUST refuse the request. It MAY then send its own Chat Session Negotiation request with an 'otr' field.

    If a user's OTR preference for a contact changes during a Chat Session that has been negotiated with the contact, and if the new preference would affect the value of the 'otr' field that was previously negotiated, then the client MUST immediately renegotiate the 'otr' field according to the user's new OTR preference (or terminate the Chat Session).

     @@ -394,7 +407,7 @@

    While automated archiving is easy for the client and server to implement, there are many contexts in which manual archiving is required. For examples, when:

      -
    • Messages are encrypted using evanscent keys, as in &xep0116;
      • +
    • Messages are encrypted using evanescent keys, as in &xep0116;
    • A client's own server does not support automated archiving but it (or another server) does support manual archiving
    • A server does not support encryption of auto-archived collections
    • A client wants to maintain a unified archive for messages that were transmitted both in and out-of-band (e.g. SMS or email)
      • @@ -422,7 +435,7 @@

      A collection of messages and notes is uploaded to the server encapsulated in a <save/> element.

      - + If the client specifies a new value for the 'subject' attribute of any existing collection then the server MUST update the existing value. Note: The client cannot specify new values for the 'with' or 'start' attributes. The only way to change these values is to delete the collection (see Removing a Collection) and then create a new one.

      - + @@ -465,7 +478,7 @@

      The client MAY specify an absolute time for any message by providing a longer 'utc' attribute (which MUST be UTC and adhere to the DateTime format specified in Jabber Date and Time Profiles) instead of a 'secs' attribute. The absolute time MAY be before the start time of the collection:

      - + @@ -478,15 +491,15 @@ ]]> -

      A client MAY archive messages that it receives from &xep0045; rooms. The 'with' attribute MUST be the bare JID of the room. The client MUST include a 'name' attribute for each <from/> element to specify the room nickname of the message sender:

      +

      A client MAY archive messages that it receives from &xep0045; rooms. The 'with' attribute MUST be the bare JID of the room. The client MUST include a 'name' attribute for each <from/> element to specify the room nickname (and, if available, bare JID) of the message sender:

      - + She will invite him to some supper. A bawd, a bawd, a bawd! So ho! - What hast thou found? + What hast thou found? @@ -496,7 +509,7 @@

      Collections MAY be linked together by including a <previous/> and/or <next/> element. Each such element MUST include both a 'with' and a 'start' element to identify the other collection to which the collection is linked. For example, the <previous/> and <next/> elements in the two examples below are being used to link a groupchat between Romeo, Benvolio and Mercutio to a private chat that Romeo was having with Benvolio before they invited Mercutio to join them. Note: Collections MAY be linked in only one direction, they are not required to be double-linked in the way the examples below are.

      - + @@ -508,7 +521,7 @@ ]]> - + @@ -524,7 +537,7 @@

      <previous/> and <next/> elements MAY be removed from a collection simply by uploading a <previous/> and/or <next/> element without any 'with' or 'start' attributes. Note: The server SHOULD NOT return an error if it finds that a link to be deleted does not exist.

      - + @@ -539,11 +552,11 @@

      A collection MUST NOT contain more than one x:data form. If a form is uploaded to a collection that already contains one then the older form element MUST be discarded. When a collection is retrieved (see Retrieving a Collection) the x:data form MUST appear as the first element in the collection after any <previous/> or <next/> elements, whatever order it was uploaded in. Upon retrieval the 'type' attribute of the form MAY be 'submit' or 'form'.

      - + - urn:xmpp:archive + http://www.xmpp.org/extensions/xep-0136.html#ns 1 1 1469-07-29T12:00:00Z @@ -557,7 +570,7 @@

      The content of the uploaded x:data form MAY be encrypted (see Encryption).

      - + @@ -585,7 +598,7 @@

      The x:data form MAY be removed from a collection simply by uploading an empty form. Note: The server SHOULD NOT return an error if it finds that the form to be deleted does not exist.

      - + @@ -596,7 +609,7 @@       -

      The examples above are not encrypted for clarity. However, clients SHOULD encrypt manually-archived collections (although early implementations of this protocol MAY prefer to defer encryption and decryption to later versions). Servers MUST support the manual-archiving of encrypted collections.

      +

      The examples above are not encrypted for clarity. However, clients SHOULD encrypt manually-archived collections (although early implementations of this protocol MAY prefer to defer encryption and decryption to later releases). Servers MUST support the manual-archiving of encrypted collections.

      Before uploading a sequence of messages to a collection, the client SHOULD select a symmetric data encryption algorithm, generate a suitable random encryption key, give the key a unique (for the user) name, encrypt the symmetric key with one of the user's public keys, and wrap the result inside one or more <EncryptedKey/> elements, as specified in &w3xmlenc;.

      To ensure that all its user's clients will be able to decrypt the collection, the client SHOULD create one <EncryptedKey/> element for each of its user's public keys that are being published using &xep0189;. However, the client MUST NOT create an <EncryptedKey/> element for any public key until it has confirmed that it belongs to the user. Note: The fact that a public key is being published using Public Key Publishing is not sufficient proof of ownership, since the user's server may have been compromised at some stage. The method of confirmation is beyond the scope of this document.

      The client SHOULD use the symmetric key to encrypt the joined sequence of <to/>, <from/> and <note/> elements, base64 encode the resulting sequence of bytes, and wrap it inside an <EncryptedData/> element, as described in XML Encryption.

      @@ -605,7 +618,7 @@

      Note: A collection that contains <EncryptedData/> or <EncryptedKey/> elements MUST NOT contain <to/> or <from/> or <note/> elements.

      - + @@ -664,19 +677,19 @@
    - +     ]]>         -

    Servers (and clients) SHOULD support the encryption (and decryption) of automatically-archived collections (although early implementations of this protocol MAY prefer to defer encryption and decryption to later versions).

    -

    Whenever the client enables auto-archiving it SHOULD set the optional 'encrypt' attribute to 'true'. After receiving such a request, if the server supports encryption (see Determining Server Support), it MUST encrypt all the messages that it archives automatically (including any message collections that are currently being recorded) by following exactly the same proceedure as clients use when manually archiving collections (see Encryption).

    +

    Servers (and clients) SHOULD support the encryption (and decryption) of automatically-archived collections (although early implementations of this protocol MAY prefer to defer encryption and decryption to later releases).

    +

    Whenever the client enables auto-archiving it SHOULD set the optional 'encrypt' attribute to 'true'. After receiving such a request, if the server supports encryption (see Determining Server Support), it MUST encrypt all the messages that it archives automatically (including any message collections that are currently being recorded) by following exactly the same procedure as clients use when manually archiving collections (see Encryption).

    The client MAY also specify one or more public keys (in addition to any public keys that the user may be publishing using Public Key Publishing). The server MUST use them all to encrypt all the symmetric keys it generates and add these to the collection wrapped in <EncryptedKey/> elements.

    + xmlns='http://www.xmpp.org/extensions/xep-0136.html#ns'> romeoPublicKey3fingerprint @@ -717,7 +730,7 @@

    The client SHOULD use Result Set Management to limit the number of collections returned by the server in a single stanza, taking care not to request a page of collections that is so big it might exceed karma limits.

    - 30 @@ -727,7 +740,7 @@ ]]> - @@ -739,7 +752,7 @@ ]]> - 30 @@ -750,7 +763,7 @@

    The server MUST list the collections (empty <chat/> elements including all attributes) in chronological order when responding to any request. If the collection contains <EncryptedData/> or <EncryptedKey/> elements then the 'crypt' attribute of the <chat/> element MUST be set to 'true':

    - + If no collections correspond to the request the server MUST return an empty <list/> element:

    - + ]]> - 30 @@ -793,7 +806,7 @@

    The client SHOULD use Result Set Management to limit the number of messages returned by the server in a single stanza, taking care not to request a page of messages that is so big it might exceed karma limits.

    - @@ -804,7 +817,7 @@ ]]> - @@ -826,7 +839,7 @@

    If the specified collection does not exist then the server MUST return an ¬found; error:

    - @@ -841,7 +854,7 @@

    If the requested collection is empty the server MUST return an empty <chat/> element:

    - @@ -849,7 +862,7 @@ ]]> - @@ -862,7 +875,7 @@

    The items in encrypted collections are typically larger - since each <EncryptedData/> element typically contains many messages. So the client SHOULD take even more care not to request a page of <EncryptedData/> elements that is so big it might exceed karma limits.

    - @@ -874,7 +887,7 @@

    In addition to the requested <EncryptedData/> elements, the server MUST return all the <EncryptedKey/> elements that it possesses for the user whose symmetric key name (wrapped in its <CarriedKeyName/> child) is referenced by the <KeyName/> child of the <KeyInfo/> child of any of the <EncryptedData/> elements in the returned page.

    - @@ -940,7 +953,7 @@

    The client MAY limit the number of <EncryptedKey/> elements that it receives by specifying the name of one or more public keys for which it holds the associated private keys. The name of each public key MUST be wrapped in a <KeyName/> element.

    - romeoPublicKey1fingerprint @@ -957,7 +970,7 @@

    To request the removal of a single collection the client sends an empty <remove/> element. The 'with' (full JID) and 'start' attributes MUST be included to uniquely identify the collection.

    - @@ -965,7 +978,7 @@

    The client may remove several collections at once. The 'start' and 'end' elements MAY be specified to indicate a date range. The 'with' attribute MAY be a full JID, bare JID or domain.

    - @@ -975,7 +988,7 @@

    If the end date is in the future then then all collections after the start date are removed.

    - @@ -983,34 +996,34 @@

    If the start date is before all the collections in the archive then all collections prior to the end date are removed.

    - ]]> - + ]]>

    If the value of the optional 'open' attribute is set to 'true' then only collections that are currently being recorded automatically by the server (see Automated Archiving) are removed.

    - ]]> - ]]>

    If the specified collection (or collections) do not exist then the server MUST return an ¬found; error:

    - @@ -1025,7 +1038,7 @@

    The client first requests a list of the affected <EncryptedKey/> elements from all collections by sending a <keys/> element to the server:

    - + romeoPublicKey1fingerprint 50 @@ -1036,7 +1049,7 @@

    The server MUST return only <EncryptedKey/> elements whose symmetric encryption key is encrypted with the obsolete public key specified in the <KeyName/> child of the request:

    - + @@ -1070,7 +1083,7 @@

    The client decrypts each symmetric key with the obsolete private key and encrypts it again with the new public key. The client then wraps each symmetric key in an <EncryptedKey/> element and asks the server to archive it in its associated collection on the server (see Encryption):

    - + @@ -1099,7 +1112,7 @@

    Finally, the client asks the server to delete from each collection all <EncryptedKey/> elements whose symmetric encryption key is encrypted with the obsolete public key:

    - romeoPublicKey1fingerprint @@ -1117,7 +1130,7 @@ - + 50 1469-07-21T01:14:47Z @@ -1128,7 +1141,7 @@

    The server MUST return the changed collections in the chronological order that they were changed (most recent last). If a collection has been modified, created or removed after the time specified by the <after/> element then the server MUST include it in the returned result set page of collections (unless the specified maximum page size would be exceeded). Each <changed/> or <removed/> collection element (for modified/created, or removed collections respectively) in the returned list MUST include only 'with' and 'start' attribues. The server MUST set the content of the <last/> element to the UTC time (see Jabber Date and Time Profiles) that the last collection on the page was modified.

    - + . @@ -1152,7 +1165,7 @@

    So that clients can share archived messages, this document specifies a common format for storage on disk (similar to email formats like mbox and Maildir). The file format uses the same XML constructs as the protocol. Each file may contain messages exchanged with a single JID. Any number of <chat/> elements may be stored in an archive file.

    - Art thou not Romeo, and a Montague? @@ -1174,9 +1187,21 @@

    Server implementations SHOULD give system administrators the option to disable support for both automated and manual archiving, since archived conversations can consume significant storage space.

     + +

    Although message archiving is not negotiated between a client and its server as part of stream negotiation, a server MAY advertise a stream feature of "http://www.xmpp.org/extensions/xep-0136.html#ns" (see Protocol Namespace) during stream setup (via the <feature/> element, which MUST NOT contain a <required/> child), and MUST do so if automatic archiving is on by default (if so, the <feature/> element MUST include a <default/> child).

    + + ]]> + + + + ]]> +

    If automatic archiving defaults to enabled then that creates serious privacy issues for users of legacy clients that do not support this protocol, and (more seriously) for those contacts who they unwittingly mislead by agreeing to disable logging (via the 'otr' field defined in XEP-0155).

    +

    If a server deployment enables automatic archiving by default, then it MUST return a stream feature containing an empty <default/> element (see the Stream Feature section of this document).

    Since the subject of each collection will not be encrypted, the client MUST warn its human user (if any) before including 'subject' attributes on encrypted collections.

    @@ -1191,24 +1216,24 @@

    No interaction with &IANA; is required as a result of this document.

     - -

    The ®ISTRAR; shall include 'urn:xmpp:archive' in its registry of protocol namespaces (see &NAMESPACES;):

    + +

    Until this specification advances to a status of Draft, its associated namespace shall be "http://www.xmpp.org/extensions/xep-0155.html#ns"; upon advancement of this specification, the XMPP Registrar shall issue a permanent namespace in accordance with the process defined in Section 4 of &xep0053;.

    The XMPP Registrar shall include the following features in its registry of service discovery features (see &DISCOFEATURES;):

      -
    • urn:xmpp:archive#auto
      • -
    • urn:xmpp:archive#encrypt
      • -
    • urn:xmpp:archive#manage
      • -
    • urn:xmpp:archive#manual
      • -
    • urn:xmpp:archive#pref
      • +
    • http://www.xmpp.org/extensions/xep-0136.html#ns-auto
      • +
    • http://www.xmpp.org/extensions/xep-0136.html#ns-encrypt
      • +
    • http://www.xmpp.org/extensions/xep-0136.html#ns-manage
      • +
    • http://www.xmpp.org/extensions/xep-0136.html#ns-manual
      • +
    • http://www.xmpp.org/extensions/xep-0136.html#ns-pref

    &xep0068; defines a process for standardizing the fields used within Data Forms qualified by a particular namespace. The following fields shall be registered for use in Message Archiving:

    - urn:xmpp:archive + http://www.xmpp.org/extensions/xep-0136.html#ns XEP-0136 Attributes of a message collection @@ -1513,6 +1538,14 @@ + + + + + + + +