XEP 274 and XEP 285 updates

This commit is contained in:
Kurt Zeilenga 2011-01-12 11:18:23 -08:00
parent a6b90f6a7b
commit 6a6f013f4e
2 changed files with 48 additions and 21 deletions

View File

@ -14,7 +14,7 @@
<!ENTITY CDCIE-CCP "<span class='ref'>CDCIE-CCP</span> <note>Cross Domain Collaborative Information Environment (CDCIE) Chat Client Protocol Specification, Version 2.0, Trident Systems, Inc., 12 March 2008</note>" >
<!ENTITY XMLDSIG "<span class='ref'><link url='http://www.w3.org/TR/xmldsig-core/'>XMLDSIG</link></span> <note>XML Signature Syntax and Processing, W3C Recommendation, 10 June 2008 &lt;<link url='http://www.w3.org/TR/xmldsig-core/'>http://www.w3.org/TR/xmldsig-core/</link>&gt;.</note>" >
<!ENTITY XPointer "<span class='ref'><link url='http://www.w3.org/TR/xptr'>XPointer</link></span> <note>XML Pointer Language (XPointer), W3C Recommendation, 8 June 2001 &lt;<link url='http://www.w3.org/TR/xptr'>http://www.w3.org/TR/xptr</link>&gt;.</note>" >
<!ENTITY xmppdsig "<span class='ref'><link url='http://xmpp.org/extensions/inbox/dsig.html'>XMPP DSIG</link></span> <note>XMPP Digital Signatures &lt;<link url='http://xmpp.org/extensions/inbox/dsig.html'>http://xmpp.org/extensions/inbox/dsig.html</link>&gt;.</note>" >%ents;
<!ENTITY xmpp-dsig-new "<span class='ref'><link url='http://xmpp.org/extensions/inbox/encapsulated-signatures.html'>XMPP DSIG</link></span> <note>Encapsulated Digital Signatures in XMPP &lt;<link url='http://xmpp.org/extensions/inbox/encapsulated-signatures.html'>http://xmpp.org/extensions/inbox/encapsulated-signatures.html</link>&gt;.</note>" >%ents;
]>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep>
@ -35,6 +35,15 @@
<supersededby/>
<shortname>N/A</shortname>
&kdz;
<revision>
<version>0.3</version>
<date>201l-01-12</date>
<initials>kdz</initials>
<remark>
<p>Update discussions based upon introduction of Encapsulated Digital Signatures in XMPP,
an alternative to XEP-0285.</p>
</remark>
</revision>
<revision>
<version>0.2</version>
<date>2010-09-29</date>
@ -243,14 +252,12 @@
<p>At the time of this writing, XMPP E2E has not been widely implemented. XMPP E2E appears to
have limited applicability. </p>
</section2>
<section2 topic="XMPP DSIG" anchor="xmpp-dsig">
<p>The &xep0285; (XMPP DSIG), like the XMPP E2E, uses an encapsulating
signature to protects the signed content from alteration as it is exchanged over an XMPP
network. XMPP DSIG avoids certain dependencies which are believed to have hindered
implementation of XMPP E2E. It is hoped that the XMPP DSIG will prove to be more viable
solution than XMPP E2E. Like XMPP E2E, XMPP DSIG does not support <em>optimistic signing</em>.</p>
<p>At the time of this writing, XMPP DSIG was just introduced.</p>
<p/>
<section2 topic="PGP signatures in XMPP" anchor="xmpp-e2e">
<p>The &xep0027; (XMPP PGP), like the XMPP E2E, uses an encapsulating signature to protects
the signed content from alteration as it is exchanged over an XMPP network. Like
XMPP E2E, it is intended to be an end-to-end solution.</p>
<p>At the time of this writing, XMPP PGP has not been widely implemented (though some
implementations do exist). XMPP PGP appears to have limited applicability.</p>
</section2>
<section2 topic="CDCIE-CCP" anchor="cdcie-ccp">
<p>Alternative approaches have been developed. For instance, the Cross Domain Collaborative
@ -265,14 +272,22 @@
<p>While this approach has been implemented and deployed to some extent, the approach appears
to have applicability limited to the CDCIE.</p>
</section2>
<section2 topic="Encapsulated Digitial Signatures in XMPP" anchor="xmpp-ed-dsig">
<p>The &xmpp-dsig-new; (XMPP DSIG) is an encapsulated signature proposal similar to
that encapsulated approach suggested below.</p>
<p>Unlike CDCIE-CCP approach, XMPP DSIG signatures are not "enveloped" signatures over the
whole stanza but signatures over a manifest and descriptive objects detailing the stanza
contents.</p>
</section2>
</section1>
<section1 topic="Protocol Design Discussion" anchor="design">
<section2 topic="Encapsulated v. Encapsulating Signatures" anchor="encap">
<p>An encapsulating signature is a signature approach that encapsulates the signed content
within the signature syntax. An encapsulated signature is a signature approach where the
signature syntax in encapsulated within the structure of the signed content. XMPP E2E and
XMPP DSIG are examples of the former. CDCIE-CCP is an example of the latter.</p>
signature syntax in encapsulated within the structure of the signed content. XMPP E2E
and XMPP PGP are examples of the former. CDCIE-CCP and XMPP DSIG are examples
of the latter.</p>
<p>The following example illustrates, using pseudo language, an encapsulating signature over a
&MESSAGE; stanza.</p>
@ -311,8 +326,8 @@
</encapsulated-signature>
</message>
]]></example>
<p>Applicability of a simple (non-nesting) encapsulating signatures, such as in XMPP E2E and
XMPP DSIG, are generally limited to end-to-end use cases. That is, cases where the
<p>Applicability of a simple (non-nesting) encapsulating signatures, such as in XMPP E2E
and XMPP PGP, are generally limited to end-to-end use cases. That is, cases where the
originator of a stanza signs the stanza and send it through the XMPP network to its intended
recipient, and only the intended recipient is expected to make use of the signed content.
Entities between the signer and the intended recipient are expected to forward of the stanza
@ -456,12 +471,12 @@
</Manifest>
</Object>
<Object>
<XMPPprop id='X-xmppprop'>
<XMPPproperties id='X-xmppprop'>
<stanza>message</stanza>
<type>chat</type>
<from>juliet@example.com</from>
<to>romeo@example.net</to>
</XMPPStanza>
</XMPPproperties>
</Object>
<Object>
<SignatureProperties id="X-sigprop" Target="#X-sig">

View File

@ -10,9 +10,9 @@
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep>
<header>
<title>Digital Signatures in XMPP</title>
<abstract>This document provides a technical specification for Digital Signatures in the
Extensible Messaging and Presence Protocol (XMPP).</abstract> &LEGALNOTICE;
<title>Encapsulating Digital Signatures in XMPP</title>
<abstract>This document provides a technical specification for Encapsulating Digital Signatures
in the Extensible Messaging and Presence Protocol (XMPP).</abstract> &LEGALNOTICE;
<number>0285</number>
<status>Experimental</status>
<type>Standards Track</type>
@ -26,6 +26,13 @@
<supersededby/>
<shortname>N/A</shortname>
&kdz;
<revision>
<version>0.3</version>
<date>2011-01-12</date>
<initials>kdz</initials>
<remark><p>Change title, and clarify in text, that this is an encapulating digital
signature approach, an alternative to the encapulated digitial signatures proposal.</p></remark>
</revision>
<revision>
<version>0.2</version>
<date>2010-09-29</date>
@ -49,6 +56,9 @@
</header>
<section1 topic="Introduction" anchor="intro">
<p class='box'><em>This document is one of two proposals for digital signatures in XMPP. It is expected
that only one of these proposals be progressed beyond Experimental on the Standards Track.</em></p>
<p>This document provides a technical specification for Digital Signatures in Extensible
Messaging and Presence Protocol (&xmpp;) based upon End-to-End Object Encryption
(&E2EEncrypt;) "work in progress".</p>
@ -59,9 +69,11 @@
referred to as an "offline message"). The authors surmise that RFC 3923 has not been
implemented mainly because it adds several new dependencies to XMPP clients, especially MIME
(along with the CPIM and MSGFMT media types).</p>
<p>This document explores the possibility of an
approach that is similar to but simpler than RFC 3923. Like the approach detailed in RFC 3923,
the approach detailed does not support <em>optimistic signing</em>.</p>
<p>This document explores the possibility of an approach that is similar to but simpler than
RFC 3923. Like the approach detailed in RFC 3923, the approach utilizes encapsulating
digital signatures.</p>
<p>Like other encapsulating signature approaches (e.g., &xep0027;), this approach does not
support <em>optimistic signing</em>.</p>
</section1>
<section1 topic="Signing XMPP Stanzas" anchor="stanza">
<p>The process that a sending agent follows for securing stanzas is very similar regardless of