1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-12-25 00:58:52 -05:00
git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@214 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
Ian Paterson 2006-11-27 02:09:58 +00:00
parent f1aa5b6c51
commit 3e61673a03

View File

@ -80,7 +80,7 @@
<version>0.3</version>
<date>2006-10-05</date>
<initials>ip</initials>
<remark><p>replaced secure field with security field; changed otr field to list-single</p></remark>
<remark><p>Replaced secure field with security field; changed otr field to list-single</p></remark>
</revision>
<revision>
<version>0.2</version>
@ -122,7 +122,7 @@
<p>Note: Alice MAY also publish <em>another</em> similar set of relatively long-lived <note>The more often Alice changes her published ESession options, the shorter the Perfect Forward Secrecy window of vulnerability. However, whenever she changes them she divulges her presence to all the entities that are monitoring them.</note> offline ESession options that any entity MAY use for the same purpose.</p>
<section2 topic="Publishing Offline ESession Options" anchor='init-offline-publish'>
<p>In order to publish either set of her offline ESession options Alice MUST create an options data form in exactly the same way as she would create an online ESession request data form (see the ESession Request section in <cite>Encrypted Session Negotiation</cite>) except she MUST omit The 'accept' and 'pk_hash' fields. Note: The list of stanza types she is willing to decrypt MUST NOT include the value 'iq'.</p>
<p>In order to publish either set of her offline ESession options Alice MUST create an options data form in exactly the same way as she would create an online ESession request data form (see the ESession Request section in <cite>Encrypted Session Negotiation</cite>) except she MUST omit The 'accept' and 'pubkey' fields. Note: The list of stanza types she is willing to decrypt MUST NOT include the value 'iq'.</p>
<p>Alice MUST append to the content of the form an 'expires' field containing the UTC time (see &xep0082;) that she decides her offline ESession options will expire (see <link url='#sec-expire'>Options Expiry Time</link> Security Considerations).</p>
<p>Alice MUST store her value of &NsubA; (her ESession ID), all her values of x (one for each MODP group) and the time she decides her offline ESession options will expire in a secure way, so that she can retrieve them when she comes back online (idealy even if that is using a different client and/or a different machine).</p>
<p>If Alice would not be able to decrypt stanzas if she came back online using a different client and/or a different machine then she SHOULD also encapsulate the resource of her client in a 'match_resource' field and append it to her options data form. In this case, the list of stanza types she is willing to decrypt MUST include only 'message'.</p>
@ -232,7 +232,7 @@
<field var="my_nonce">
<value> ** Base64 encoded ESession ID ** </value>
</field>
<field var="keys">
<field var="dhkeys">
<value> ** Base64 encoded value of e5 ** </value>
<value> ** Base64 encoded value of e14 ** </value>
<value> ** Base64 encoded value of e2 ** </value>
@ -294,7 +294,7 @@
<ol start='1'>
<li><p><cite>Diffie-Hellman Preparation (Bob)</cite> Note: If the value of e he selected is not valid, Bob SHOULD terminate the ESession <em>without</em> sending an error.</p></li>
<li><p><cite>Generating Session Keys</cite></p></li>
<li><p><cite>Hiding Identity</cite> Note: Since Bob did not receive a 'pk_hash' field, he MUST assume its value is false. Bob SHOULD NOT include a 'pk_hash' field in &formB; since Alice has already proved her identity.</p></li>
<li><p><cite>Hiding Identity</cite> Note: Since Bob did not receive a 'pubkey' field, he MUST assume its value is 'key'. Bob SHOULD NOT include a 'pubkey' field in &formB; since Alice has already 'proved' her identity.</p></li>
</ol>
<p>As with 3-message ESession negotiation, Bob should encapsulate the Base64 encoded values of &IDB; and &MsubB; in data form fields ('identity' and 'mac'), and append the new fields to &formB;.</p>
<p>Bob MAY also send encrypted content (see the Exchanging Stanzas section of <cite>Encrypted Session Negotiation</cite>) in the same stanza. Note: If he also includes a field named "terminate" set to a value of "1" or "true" within the data form (see the ESession Termination section of <cite>Encrypted Session Negotiation</cite>) then the ESession is terminated immediately. This special case, where a single stanza is encrypted and sent in isolation, is equivalent to object encryption (or object signing if no encryption is specified) and offers several significant advantages over non-session approaches - including perfect forward secrecy.</p>
@ -321,7 +321,7 @@
<field var="my_nonce">
<value> ** Base64 encoded ESession ID ** </value>
</field>
<field var="keys">
<field var="dhkeys">
<value> ** Base64 encoded value of d ** </value>
</field>
<field var="nonce">
@ -371,7 +371,7 @@
<li><p>Alice MUST now continue as if Bob had responded to her online ESession request, performing the steps described in two of the sections of <cite>Encrypted Session Negotiation</cite>:</p>
<ul>
<li><p><cite>Diffie-Hellman Preparation (Alice)</cite> Note: If she is not prepared to support any of the ESession options specified by Bob, or if the value of d she selected is not valid, then Alice SHOULD terminate the ESession <em>without</em> sending an error.</p></li>
<li><p><cite>Verifying Bob's Identity</cite> Note: Since Alice did not send a 'pk_hash' field to Bob, she MUST assume its value is false. If the value of &MsubB; she calculated does not match the one she received, or if she cannot confirm that &pubKeyB; really is Bob's public key, or if she cannot confirm that &signB; is the signature of the HMAC result, then Alice SHOULD terminate the ESession <em>without</em> sending an error.</p></li>
<li><p><cite>Verifying Bob's Identity</cite> Note: Since Alice did not send a 'pubkey' field to Bob, she MUST assume its value is 'key'. If the value of &MsubB; she calculated does not match the one she received, or if she cannot confirm that &pubKeyB; really is Bob's public key, or if she cannot confirm that &signB; is the signature of the HMAC result, then Alice SHOULD terminate the ESession <em>without</em> sending an error.</p></li>
</ul></li>
</ol>
</section2>