1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-24 10:12:19 -05:00
git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@1478 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
Peter Saint-Andre 2007-12-18 20:46:56 +00:00
parent 8bb682093d
commit 4b0bc97615

View File

@ -34,10 +34,10 @@
<jid>jajcus@jabber.bnet.pl</jid> <jid>jajcus@jabber.bnet.pl</jid>
</author> </author>
<revision> <revision>
<version>1.5pre11</version> <version>1.5pre12</version>
<date>in progress, last updated 2007-12-18</date> <date>in progress, last updated 2007-12-18</date>
<initials>jjh/psa</initials> <initials>jjh/psa</initials>
<remark><p>Specified that inclusion of hash attribute is required and removed default value of sha-1; mentioned pre-image attack and added reference to RFC 4270; clarified meaning and construction of caps node attribute and disco node attribute; specified that node attribute shall be included in disco#info request for backwards-compatibility; further specified security considerations; clarified handling of the legacy format to assist developers; defined optional v attribute for the software version.</p></remark> <remark><p>Specified that inclusion of hash attribute is required and removed default value of sha-1; mentioned pre-image attack and added reference to RFC 4270; clarified meaning and construction of caps node attribute and disco node attribute; specified that node attribute shall be included in disco#info request for backwards-compatibility; further specified security considerations; clarified handling of the legacy format to assist developers; defined optional v attribute for the software version; added service discovery feature for caps optimization to prevent confusion regarding server support of caps vs. caps optimization.</p></remark>
</revision> </revision>
<revision> <revision>
<version>1.4</version> <version>1.4</version>
@ -122,11 +122,11 @@
<li>Not showing a "Send a File" button if another user's client does not support &xep0096;.</li> <li>Not showing a "Send a File" button if another user's client does not support &xep0096;.</li>
<li>Filtering &xep0060; notifications based on advertised subscriber interests.</li> <li>Filtering &xep0060; notifications based on advertised subscriber interests.</li>
</ul> </ul>
<p>In the past, some Jabber clients sent one &xep0030; and one &xep0092; request to each entity from which they received presence after login. That "disco+version flood" resulted in an excessive use of bandwidth and was impractical on a larger scale, particularly for users or applications with large rosters. Therefore this document defines a more robust and scalable solution: namely, a presence-based mechanism <note>This proposal is not limited to clients, and can be used by any entity that exchanges presence with another entity, e.g., a gateway. However, this document uses the example of clients throughout.</note> for exchanging information about entity capabilities. Clients should not engage in the older "disco+version flood" behavior and instead should use Entity Capabilities as specified herein.</p> <p>In the past, after logging in some Jabber clients sent one &xep0030; and one &xep0092; request to each entity from which they received presence. That "disco/version flood" resulted in an excessive use of bandwidth and was impractical on a larger scale, particularly for users with large rosters. Therefore this document defines a more robust and scalable solution: namely, a presence-based mechanism <note>This proposal is not limited to clients, and can be used by any entity that exchanges presence with another entity, e.g., a gateway. However, this document uses the example of clients throughout.</note> for exchanging information about entity capabilities. Clients should not engage in the older "disco/version flood" behavior and instead should use Entity Capabilities as specified herein.</p>
</section2> </section2>
<section2 topic='How It Works' anchor='howitworks'> <section2 topic='How It Works' anchor='howitworks'>
<p>This section provides a friendly introduction to entity capabilities ("caps").</p> <p>This section provides a friendly introduction to entity capabilities ("caps").</p>
<p>Imagine that you are a Shakespearean character named Juliet and one of your contacts, a handsome fellow named Romeo, becomes available. His client wants to publish its capabilities, and does this by adding a &lt;c/&gt; element with special attributes to its presence packets. As a result, your client receives the following presence packet:</p> <p>Imagine that you are a Shakespearean character named Juliet and one of your contacts, a handsome fellow named Romeo, becomes available. His client wants to publish its capabilities, and does this by adding to its presence packets a &lt;c/&gt; element with special attributes. As a result, your client receives the following presence packet:</p>
<code><![CDATA[ <code><![CDATA[
<presence from='romeo@montague.lit/orchard'> <presence from='romeo@montague.lit/orchard'>
<c xmlns='http://jabber.org/protocol/caps' <c xmlns='http://jabber.org/protocol/caps'
@ -136,7 +136,7 @@
ver='8RovUdtOmiAjzj+xI7SK5BCw3A8='/> ver='8RovUdtOmiAjzj+xI7SK5BCw3A8='/>
</presence> </presence>
]]></code> ]]></code>
<p>The 'node' attribute represents the client Romeo is using (the client identifier is an "FYI" and is not used further in Entity Capabilities). The 'ver' attribute is a specially-constructed string that represents the identity (see &DISCOCATEGORIES;) and supported features (see &DISCOFEATURES;) of the entity.</p> <p>The 'node' attribute represents the client software Romeo is using. The optional 'v' attribute represents the specific version of that client software (it is only an "FYI" and is not used further in entity capabilities). The 'ver' attribute is a specially-constructed string that represents the identity (see &DISCOCATEGORIES;) and supported features (see &DISCOFEATURES;) of the entity.</p>
<p>At this point, your client has no idea what the capabilities are of someone with a version string '8RovUdtOmiAjzj+xI7SK5BCw3A8='. Your client therefore sends a service discovery query to Romeo, asking what his client can do.</p> <p>At this point, your client has no idea what the capabilities are of someone with a version string '8RovUdtOmiAjzj+xI7SK5BCw3A8='. Your client therefore sends a service discovery query to Romeo, asking what his client can do.</p>
<code><![CDATA[ <code><![CDATA[
<iq from='juliet@capulet.lit/chamber' <iq from='juliet@capulet.lit/chamber'
@ -162,7 +162,7 @@
</query> </query>
</iq> </iq>
]]></code> ]]></code>
<p>At this point, your client knows that anyone advertising a version string of '8RovUdtOmiAjzj+xI7SK5BCw3A8=' has a client that can do &xep0045; and the other features returned by Romeo's client (the string can be relied upon because of how it is generated and checked as explained later in this document). Your client remembers this information, so that it does not need to explicitly query the capabilities of a contact with the same version string. For example, Benvolio may send you the following presence:</p> <p>At this point, your client knows that anyone advertising a version string of '8RovUdtOmiAjzj+xI7SK5BCw3A8=' has a client that can do &xep0045; and the other features returned by Romeo's client (the string can be relied upon because of how it is generated and checked, as explained later in this document). Your client remembers this information, so that it does not need to explicitly query the capabilities of a contact with the same version string. For example, Benvolio may send you the following presence:</p>
<code><![CDATA[ <code><![CDATA[
<presence from='benvolio@capulet.lit/230193'> <presence from='benvolio@capulet.lit/230193'>
<c xmlns='http://jabber.org/protocol/caps' <c xmlns='http://jabber.org/protocol/caps'
@ -188,7 +188,7 @@
<presence from='bard@shakespeare.lit/globe'> <presence from='bard@shakespeare.lit/globe'>
<c xmlns='http://jabber.org/protocol/caps' <c xmlns='http://jabber.org/protocol/caps'
hash='sha-1' hash='sha-1'
node='http://www.chatopus.com/' node='http://www.chatopus.com'
ver='zHyEOgxTrkpSdGcQKH8EFPLsriY='/> ver='zHyEOgxTrkpSdGcQKH8EFPLsriY='/>
</presence> </presence>
]]></code> ]]></code>
@ -202,9 +202,9 @@
<li>Clients for the people on my roster might want to make user interface decisions based on my capabilities.</li> <li>Clients for the people on my roster might want to make user interface decisions based on my capabilities.</li>
<li>Different clients may support the same capabilities.</li> <li>Different clients may support the same capabilities.</li>
<li>Members of a community tend to cluster around a small set of clients with a small set of capabilities. More specifically, multiple people in my roster use the same client, and they upgrade versions relatively slowly (commonly a few times a year, perhaps once a week at most, certainly not once a minute).</li> <li>Members of a community tend to cluster around a small set of clients with a small set of capabilities. More specifically, multiple people in my roster use the same client, and they upgrade versions relatively slowly (commonly a few times a year, perhaps once a week at most, certainly not once a minute).</li>
<li>Some clients are running against servers without server-to-server connectivity enabled, and without access to the Internet via HTTP.</li> <li>Some clients are running on networks without server-to-server connectivity enabled and without access to the Internet via HTTP.</li>
<li>Conversations are possible between users who are not on each other's rosters.</li> <li>Conversations are possible between users who are not on each other's rosters.</li>
<li>Client capabilities may change over the course of a presence session, due to features being enabled and disabled.</li> <li>Client capabilities may change over the course of a presence session, as features are enabled or disabled.</li>
</ul> </ul>
</section1> </section1>
@ -213,11 +213,12 @@
<ol> <ol>
<li>Clients must be able to participate even if they support only &xmppcore;, &xmppim;, and <cite>XEP-0030</cite>.</li> <li>Clients must be able to participate even if they support only &xmppcore;, &xmppim;, and <cite>XEP-0030</cite>.</li>
<li>Clients must be able to participate even if they are on networks without connectivity to other XMPP servers, services offering specialized XMPP extensions, or HTTP servers.<note>These first two requirements effectively eliminated &xep0060; as a possible implementation of entity capabilities.</note></li> <li>Clients must be able to participate even if they are on networks without connectivity to other XMPP servers, services offering specialized XMPP extensions, or HTTP servers.<note>These first two requirements effectively eliminated &xep0060; as a possible implementation of entity capabilities.</note></li>
<li>Clients must be able to retrieve information without querying each user.</li> <li>Clients must be able to retrieve information without querying every entity with which they communicate.</li>
<li>Since presence is normally broadcasted to many users, the byte size of the proposed extension must be as small as possible.</li> <li>Since presence is normally broadcasted to many contacts, the byte size of the proposed extension must be as small as possible.</li>
<li>It must be possible to write a XEP-0045 server implementation that passes the given information along.</li> <li>It must be possible to write a XEP-0045 server implementation that passes the given information along.</li>
<li>It must be possible to publish a change in capabilities within a single presence session.</li> <li>It must be possible to publish a change in capabilities within a single presence session.</li>
<li>Server infrastructure above and beyond that defined in <cite>XMPP Core</cite> and <cite>XMPP IM</cite> must not be required for this approach to work, although additional server infrastructure may be used for optimization purposes.</li> <li>Server infrastructure above and beyond that defined in <cite>XMPP Core</cite> and <cite>XMPP IM</cite> must not be required for this approach to work, although additional server infrastructure may be used for optimization purposes.</li>
<li>The defined mechanism must not be limited to clients but must be usable be servers, components, and other network entities.</li>
</ol> </ol>
</section1> </section1>
@ -241,7 +242,7 @@
</tr> </tr>
<tr> <tr>
<td>node</td> <td>node</td>
<td>A unique identifier for the software underlying the entity, typically a URL at the website of the project or company that produces the software. *</td> <td>A URI that uniquely identifies a software application, typically a URL at the website of the project or company that produces the software. *</td>
<td>REQUIRED</td> <td>REQUIRED</td>
</tr> </tr>
<tr> <tr>
@ -255,12 +256,12 @@
<td>REQUIRED</td> <td>REQUIRED</td>
</tr> </tr>
</table> </table>
<p>* Note: It is RECOMMENDED for the value of the 'node' attribute to be an HTTP URL at which a user could find further information about the software product, such as "http://psi-im.org/" for the Psi client; this enables a processing application to also determine a unique string for the generating application, which it could maintain in a list of known products (e.g., associating the name received via the disco#info reply with the URL found in the caps data).</p> <p>* Note: It is RECOMMENDED for the value of the 'node' attribute to be an HTTP URL at which a user could find further information about the software product, such as "http://psi-im.org/" for the Psi client; this enables a processing application to also determine a unique string for the generating application, which it could maintain in a list of known software implementations (e.g., associating the name received via the disco#info reply with the URL found in the caps data).</p>
<p>** Note: Before version 1.5 of this specification, the version information was contained in the 'ver' attribute as described below.</p> <p>** Note: Before version 1.5 of this specification, the version information was contained in the 'ver' attribute as described below.</p>
<p>*** Note: Before version 1.4 of this specification, the 'ver' attribute was used to specify the released version of the software; while the values of the 'ver' attribute that result from use of the algorithm specified herein are backwards-compatible, applications SHOULD appropriately handle the <link url='#legacy'>Legacy Format</link>.</p> <p>*** Note: Before version 1.4 of this specification, the 'ver' attribute was used to specify the released version of the software; while the values of the 'ver' attribute that result from use of the algorithm specified herein are backwards-compatible, applications SHOULD appropriately handle the <link url='#legacy'>Legacy Format</link>.</p>
</section1> </section1>
<section1 topic='Generation of ver Attribute' anchor='ver'> <section1 topic='Generation of the ver Attribute' anchor='ver'>
<p>In order to help prevent poisoning of entity capabilities information, the value of the 'ver' attribute MUST be generated according to the following method.</p> <p>In order to help prevent poisoning of entity capabilities information, the value of the 'ver' attribute MUST be generated according to the following method.</p>
<p>Note: All sorting operations MUST be performed using "i;octet" collation as specified in Section 9.3 of &rfc4790;.</p> <p>Note: All sorting operations MUST be performed using "i;octet" collation as specified in Section 9.3 of &rfc4790;.</p>
<ol> <ol>
@ -269,7 +270,7 @@
<li>For each identity, append the 'category/type' to S, followed by the '&lt;' character.</li> <li>For each identity, append the 'category/type' to S, followed by the '&lt;' character.</li>
<li>Sort the supported service discovery features. <note>A registry of service discovery features is located at &DISCOFEATURES;.</note></li> <li>Sort the supported service discovery features. <note>A registry of service discovery features is located at &DISCOFEATURES;.</note></li>
<li>For each feature, append the feature to S, followed by the '&lt;' character.</li> <li>For each feature, append the feature to S, followed by the '&lt;' character.</li>
<li>Compute ver by hashing S using the algorithm specified in in the 'hash' attribute (e.g., SHA-1 as defined in &rfc3174;. The hashed data MUST be generated with binary output and encoded using Base64 as specified in Section 4 of &rfc4648; (note: the Base64 output MUST NOT include whitespace and MUST set padding bits to zero). <note>The OpenSSL command for producing such output with SHA-1 is is "echo -n 'S' | openssl dgst -binary -sha1 | openssl enc -nopad -base64".</note></li> <li>Compute ver by hashing S using the algorithm specified in in the 'hash' attribute (e.g., SHA-1 as defined in &rfc3174;). The hashed data MUST be generated with binary output and encoded using Base64 as specified in Section 4 of &rfc4648; (note: the Base64 output MUST NOT include whitespace and MUST set padding bits to zero). <note>The OpenSSL command for producing such output with SHA-1 is is "echo -n 'S' | openssl dgst -binary -sha1 | openssl enc -nopad -base64".</note></li>
</ol> </ol>
<p>For example, consider an entity whose service discovery category is "client", whose service discovery type is "pc", and whose supported features are "http://jabber.org/protocol/disco#info", "http://jabber.org/protocol/disco#items", and "http://jabber.org/protocol/muc". Using the SHA-1 algorightm, the value of the 'ver' attribute would be generated as follows:</p> <p>For example, consider an entity whose service discovery category is "client", whose service discovery type is "pc", and whose supported features are "http://jabber.org/protocol/disco#info", "http://jabber.org/protocol/disco#items", and "http://jabber.org/protocol/muc". Using the SHA-1 algorightm, the value of the 'ver' attribute would be generated as follows:</p>
<ol> <ol>
@ -284,22 +285,30 @@
<section1 topic='Use Cases' anchor='usecases'> <section1 topic='Use Cases' anchor='usecases'>
<section2 topic='Advertising Capabilities' anchor='advertise'> <section2 topic='Advertising Capabilities' anchor='advertise'>
<p>Each time a generating entity sends presence, it annotates that presence with an entity identifier ('node' attribute) and identity and feature identifier ('ver' attribute). In order that servers can remember the last presence for use in responding to probes, a client SHOULD include entity capabilities with every presence change.</p> <p>Each time a generating entity sends presence, it annotates that presence with an entity identifier ('node' attribute) and identity and feature identifier ('ver' attribute). So that servers can remember the last presence for use in responding to probes, a client SHOULD include entity capabilities with every presence notification it sends.</p>
<p>If the supported features change during a generating entity's presence session (e.g., a user installs an updated version of a client plugin), the application MUST recompute the 'ver' attribute and SHOULD send a new presence broadcast.</p> <example caption='Presence with caps'><![CDATA[
<example caption='Annotated presence sent'><![CDATA[
<presence> <presence>
<c xmlns='http://jabber.org/protocol/caps' <c xmlns='http://jabber.org/protocol/caps'
hash='sha-1' hash='sha-1'
node='http://code.google.com/p/exodus' node='http://code.google.com/p/exodus'
v='0.9.1' v='0.9.1'
ver='8RovUdtOmiAjzj+xI7SK5BCw3A8='/> ver='8RovUdtOmiAjzj+xI7SK5BCw3A8='/>
</presence>
]]></example>
<p>If the supported features change during a generating entity's presence session (e.g., a user installs an updated version of a client plugin), the application MUST recompute the 'ver' attribute and SHOULD send a new presence broadcast.</p>
<example caption='Presence with recomputed ver attribute'><![CDATA[
<presence>
<c xmlns='http://jabber.org/protocol/caps'
hash='sha-1'
node='http://code.google.com/p/exodus'
v='0.9.1'
ver='66/0NaeaBKkwk85efJTGmU47vXI='/>
</presence> </presence>
]]></example> ]]></example>
</section2> </section2>
<section2 topic="Discovering Capabilities" anchor='discover'> <section2 topic="Discovering Capabilities" anchor='discover'>
<p>An application (here called the "requesting entity") can learn what features another entity supports by sending a disco#info request (see <cite>XEP-0030</cite>) to the entity that generated the caps information (here called the "generating entity").</p> <p>An application (the "requesting entity") can learn what features another entity supports by sending a disco#info request (see <cite>XEP-0030</cite>) to the entity that generated the caps information (the "generating entity").</p>
<example caption='Disco#info request'><![CDATA[ <example caption='Disco#info request'><![CDATA[
<iq from='juliet@capulet.lit/balcony' <iq from='juliet@capulet.lit/balcony'
@ -332,17 +341,17 @@
</iq> </iq>
]]></example> ]]></example>
<p>The requesting entity MUST check the identities and supported features against the 'ver' value by calculating the hash as described under <link url='#ver'>Generating the ver Attribute</link> and making sure that the values match. If the values do not match, the requesting entity MUST NOT accept or cache the 'ver' value as reliable and SHOULD check the service discovery identity and supported features of another generating entity who advertises that value (if any). This helps to prevent poisoning of entity capabilities information.</p> <p>The requesting entity MUST check the identities and supported features against the 'ver' value by calculating the hash as described under <link url='#ver'>Generation of the ver Attribute</link> and making sure that the values match. If the values do not match, the requesting entity MUST NOT accept or cache the 'ver' value as reliable and SHOULD check the service discovery identity and supported features of another generating entity who advertises that value (if any). This helps to prevent poisoning of entity capabilities information.</p>
</section2> </section2>
<section2 topic='Stream Feature' anchor='stream'> <section2 topic='Stream Feature' anchor='stream'>
<p>A server MAY include its own entity capabilities in a stream feature element so that connecting clients and peer servers do not need to send service discovery requests each time they connect:</p> <p>A server MAY include its entity capabilities in a stream feature element so that connecting clients and peer servers do not need to send service discovery requests each time they connect.</p>
<example caption='Stream feature element including capabilities'><![CDATA[ <example caption='Stream feature element including capabilities'><![CDATA[
<stream:features> <stream:features>
<c xmlns='http://jabber.org/protocol/caps' <c xmlns='http://jabber.org/protocol/caps'
hash='sha-1' hash='sha-1'
node='http://jabberd.org/entity' node='http://jabberd.org'
v='1.6.1' v='1.6.1'
ver='ItBTI0XLDFvVxZ72NQElAzKS9sU='> ver='ItBTI0XLDFvVxZ72NQElAzKS9sU='>
</stream:features> </stream:features>
@ -350,18 +359,45 @@
</section2> </section2>
</section1> </section1>
<section1 topic='Server Optimizations' anchor='optimizations'> <section1 topic='Caps Optimization' anchor='optimization'>
<p>A server that is managing an entity's presence session MAY choose to optimize traffic through the server. In this case, the server MAY strip off redundant capabilities annotations. Because of this, receivers of annotations MUST NOT expect an annotation on every presence packet they receive. If the server wants to perform this traffic optimization, it MUST ensure that the first presence each subscriber receives contains the annotation. The server MUST also ensure that any changes in the annotation (e.g., an updated 'ver' attribute) are sent to all subscribers.</p> <p>A server that is managing an connected client's presence session MAY optimize presence notification traffic sent through the server by stripping off redundant capabilities annotations. Because of this, receivers of presence notifications MUST NOT expect an annotation on every presence notification they receive. If the server performs caps optimization, it MUST ensure that the first presence notification each subscriber receives contains the annotation. The server MUST also ensure that any changes in the caps infomration (e.g., an updated 'ver' attribute) are sent to all subscribers.</p>
<p>If the server did not advertise its capabilities using the <link url='#stream'>Stream Feature</link>, a connected client MAY query the server using <strong>disco#info</strong> to determine if the server supports the <strong>'http://jabber.org/protocol/caps'</strong> feature. If so, the server MUST perform the optimization delineated above, and the client MAY choose to send the capabilities annotation only on the first presence packet, as well as whenever its capabilities change.</p> <p>If a connected client determines that its server supports caps optimization, MAY choose to send the capabilities annotation only on the first presence packet, as well as whenever its capabilities change.</p>
</section1>
<example caption='Disco#info request for server optimization'><![CDATA[ <section1 topic='Determining Support' anchor='support'>
<p>If an entity supports the entity capabilities protocol, it MUST advertise that fact by returning a feature of <strong>'http://jabber.org/protocol/caps'</strong> in response to a service discovery information request.</p>
<example caption="Service discovery information request"><![CDATA[
<iq from='romeo@montague.lit/orchard'
id='disco2'
to='juliet@capulet.lit/balcony'
type='get'>
<query xmlns='http://jabber.org/protocol/disco#info'/>
</iq>
]]></example>
<example caption="Service discovery information response"><![CDATA[
<iq from='juliet@capulet.lit/balcony' <iq from='juliet@capulet.lit/balcony'
id='disco2'
to='romeo@montague.lit/orchard'
type='result'>
<query xmlns='http://jabber.org/protocol/disco#info'>
...
<feature var='http://jabber.org/protocol/caps'/>
...
</query>
</iq>
]]></example>
<p>If a server supports the <link url='#optimization'>Server Optimization</link> functionality, it MUST also return a feature of <strong>'http://jabber.org/protocol/caps#optimize'</strong> in response to service discovery information requests.</p>
<example caption="Service discovery information request"><![CDATA[
<iq from='juliet@capulet.lit/balcony'
id='disco3'
to='capulet.lit' to='capulet.lit'
type='get'> type='get'>
<query xmlns='http://jabber.org/protocol/disco#info'/> <query xmlns='http://jabber.org/protocol/disco#info'/>
</iq> </iq>
]]></example>
<example caption="Service discovery information response"><![CDATA[
<iq from='capulet.lit' <iq from='capulet.lit'
id='disco3'
to='juliet@capulet.lit/balcony' to='juliet@capulet.lit/balcony'
type='result'> type='result'>
<query xmlns='http://jabber.org/protocol/disco#info'> <query xmlns='http://jabber.org/protocol/disco#info'>
@ -374,7 +410,7 @@
</section1> </section1>
<section1 topic='Directed Presence' anchor='directed'> <section1 topic='Directed Presence' anchor='directed'>
<p>If two entities exchange messages but they do not normally exchange presence (i.e., via presence subscription), the entities MAY choose to send directed presence to each other, where the presence information SHOULD be annotated with the same capabilities information as each entity sends in broadcasted presence. If capabilities information has not been received from another entity, an application MUST assume that the other entity does not support capabilities.</p> <p>If two entities exchange messages but they do not normally exchange presence (i.e., via presence subscription), the entities MAY choose to send directed presence to each other, where the presence information SHOULD be annotated with the same capabilities information as each entity sends in broadcasted presence. Until and unless capabilities information has not been received from another entity, an application MUST assume that the other entity does not support capabilities.</p>
</section1> </section1>
<section1 topic='Caching' anchor='caching'> <section1 topic='Caching' anchor='caching'>
@ -383,9 +419,9 @@
</section1> </section1>
<section1 topic='Security Considerations' anchor='security'> <section1 topic='Security Considerations' anchor='security'>
<p>Use of the protocol specified in this document might make some client-specific forms of attack slightly easier, since the attacker could more easily determine the type of client being used. However, since most clients respond to Service Discovery and Software Version requests without performing access control checks, there is no new vulnerability. Entities that wish to restrict access to capabilities information SHOULD use &xep0016; to define appropriate communications blocking (e.g., an entity MAY choose to allow IQ requests only from "trusted" entities, such as those with whom it has a subscription of "both"); note, however, that such restrictions may be incompatible with the recommendation regarding <link url='#directed'>Directed Presence</link>.</p> <p>Use of the protocol specified in this document might make some client-specific forms of attack slightly easier, since the attacker could more easily determine the type of client being used. However, since most clients respond to Service Discovery and Software Version requests without performing access control checks, there is no new vulnerability. Entities that wish to restrict access to capabilities information SHOULD use &xep0016; to define appropriate communications blocking (e.g., an entity MAY choose to allow IQ requests only from "trusted" entities, such as those with whom it has a presence subscription of "both"); note, however, that such restrictions may be incompatible with the recommendation regarding <link url='#directed'>Directed Presence</link>.</p>
<p>Adherence to the algorithm defined in the <link url='#ver'>Generation of ver Attribute</link> section of this document for both generation and checking of the 'ver' attribute helps to guard against poisoning of entity capabilities information by malicious or improperly implemented entities.</p> <p>Adherence to the algorithm defined in the <link url='#ver'>Generation of the ver Attribute</link> section of this document for both generation and checking of the 'ver' attribute helps to guard against poisoning of entity capabilities information by malicious or improperly implemented entities.</p>
<p>If the value of the 'ver' attribute is a hash as defined herein (i.e., if the 'ver' attribute is not generated according to the legacy format), inclusion of the 'hash' attribute is required. Knowing explicitly that the value of the 'ver' attribute is a hash enables the recipient to avoid spurious notification of invalid hashes.</p> <p>If the value of the 'ver' attribute is a hash as defined herein (i.e., if the 'ver' attribute is not generated according to the <link url='#legacy'>Legacy Format</link>), inclusion of the 'hash' attribute is required. Knowing explicitly that the value of the 'ver' attribute is a hash enables the recipient to avoid spurious notification of invalid hashes.</p>
<p>Theoretically it may become possible to launch a "pre-image" attack (see &rfc4270;) against the hashes used in the 'ver' attribute, at least when the SHA-1 algorithm is used. However, such attacks are not currently practical, and may not become practical in the foreseeable future. If and when such attacks become practical, this specification will be updated to strongly recommend use of a hashing algorithm that is safer than SHA-1, such as SHA-256. Nevertheless, the SHA-256 algorithm can be used today if implementors are concerned about the safety of the SHA-1 algorithm.</p> <p>Theoretically it may become possible to launch a "pre-image" attack (see &rfc4270;) against the hashes used in the 'ver' attribute, at least when the SHA-1 algorithm is used. However, such attacks are not currently practical, and may not become practical in the foreseeable future. If and when such attacks become practical, this specification will be updated to strongly recommend use of a hashing algorithm that is safer than SHA-1, such as SHA-256. Nevertheless, the SHA-256 algorithm can be used today if implementors are concerned about the safety of the SHA-1 algorithm.</p>
<p>The 'name' attribute of the service discovery &lt;identity/&gt; element is not included in the hash generation method. The primary reason for excluding it is that it is human-readable text and therefore may be provided in different localized versions. As a result, its inclusion would needlessly multiply the number of possible hash values and thus the time and resources required to validate values of the 'ver' attribute.</p> <p>The 'name' attribute of the service discovery &lt;identity/&gt; element is not included in the hash generation method. The primary reason for excluding it is that it is human-readable text and therefore may be provided in different localized versions. As a result, its inclusion would needlessly multiply the number of possible hash values and thus the time and resources required to validate values of the 'ver' attribute.</p>
</section1> </section1>
@ -398,6 +434,9 @@
<section2 topic='Protocol Namespaces' anchor='ns'> <section2 topic='Protocol Namespaces' anchor='ns'>
<p>The &REGISTRAR; includes 'http://jabber.org/protocol/caps' in its registry of protocol namespaces (see &NAMESPACES;).</p> <p>The &REGISTRAR; includes 'http://jabber.org/protocol/caps' in its registry of protocol namespaces (see &NAMESPACES;).</p>
</section2> </section2>
<section2 topic='Service Discovery Features' anchor='registrar-features'>
<p>The XMPP Registrar shall include "http://jabber.org/protocol/caps#optimize" in its registry of service discovery features (see &DISCOFEATURES;).</p>
</section2>
</section1> </section1>
<section1 topic='XML Schema' anchor='schema'> <section1 topic='XML Schema' anchor='schema'>
@ -442,22 +481,14 @@
</section1> </section1>
<section1 topic='Legacy Format' anchor='legacy'> <section1 topic='Legacy Format' anchor='legacy'>
<p>Before Version 1.4 of this specification, the 'ver' attribute was generated differently, the 'ext' attribute was used more extensively, and the 'hash' attribute was absent. For historical purposes, Version 1.3 of this specification is archived at &lt;<link url='http://www.xmpp.org/extensions/attic/xep-0115-1.3.html'>http://www.xmpp.org/extensions/attic/xep-0115-1.3.html</link>&gt;. For backwards-compatibility with the legacy format, the 'node' attribute is REQUIRED and the 'ext' attribute MAY be included.</p> <p>Before Version 1.4 of this specification, the 'ver' attribute was generated differently, the 'ext' attribute was used more extensively, and the 'hash' and 'v' attributes were absent. For historical purposes, Version 1.3 of this specification is archived at &lt;<link url='http://www.xmpp.org/extensions/attic/xep-0115-1.3.html'>http://www.xmpp.org/extensions/attic/xep-0115-1.3.html</link>&gt;. For backwards-compatibility with the legacy format, the 'node' attribute is REQUIRED and the 'ext' attribute MAY be included.</p>
<p>An application can determine if the legacy format is in use by checking for the presence of the 'hash' attribute, which is REQUIRED in the current format.</p> <p>An application can determine if the legacy format is in use by checking for the presence of the 'hash' attribute, which is REQUIRED in the current format.</p>
<p>If an application supports the legacy format, it SHOULD proceed as follows:</p> <p>If a caps-processing application supports the legacy format, it SHOULD check the 'node', 'ver', and 'ext' combinations as specified in the archived version 1.3 of this specification, and MAY cache the results.</p>
<ul> <p>If a caps-processing application does not support the legacy format, it SHOULD ignore the 'ver' value entirely (since the value cannot be verified) and SHOULD NOT cache it, since the application cannot validate the identity and features by checking the hash.</p>
<li>When receiving caps information from a legacy entity, an application SHOULD check the 'node', 'ver', and 'ext' combinations as specified in the archived version 1.3 of this specification, and MAY cache the results.</li>
<li>When sending a disco#info request to a legacy entity, an application SHOULD send the request to the entity's JID with a service discovery node of "node#ver".</li>
</ul>
<p>If an application does not support the legacy format, it SHOULD proceed as follows:</p>
<ul>
<li>When receiving caps information from a legacy entity, an application SHOULD ignore the 'ver' value entirely (since it cannot be verified) and SHOULD NOT cache it, since the application cannot validate the identity and features by checking the hash.</li>
<li>When sending a disco#info request to a legacy entity, an application SHOULD send the request to the entity's JID without a service discovery node of "node#ver".</li>
</ul>
</section1> </section1>
<section1 topic='Acknowledgements' anchor='ack'> <section1 topic='Acknowledgements' anchor='ack'>
<p>Thanks to Rachel Blackman, Dave Cridland, Richard Dobson, Olivier Goffart, Sergei Golovan, Justin Karneges, Jacek Konieczny, Ian Paterson, Kevin Smith, Tomasz Sterna, Michal Vaner, and Matt Yacobucci for comments and suggestions.</p> <p>Thanks to Rachel Blackman, Dave Cridland, Richard Dobson, Olivier Goffart, Sergei Golovan, Justin Karneges, Ian Paterson, Kevin Smith, Tomasz Sterna, Michal Vaner, and Matt Yacobucci for comments and suggestions.</p>
</section1> </section1>
</xep> </xep>