diff --git a/xep-0274.xml b/xep-0274.xml index 1ed9fdc5..eceb127f 100644 --- a/xep-0274.xml +++ b/xep-0274.xml @@ -14,7 +14,7 @@ CDCIE-CCP Cross Domain Collaborative Information Environment (CDCIE) Chat Client Protocol Specification, Version 2.0, Trident Systems, Inc., 12 March 2008" > XMLDSIG XML Signature Syntax and Processing, W3C Recommendation, 10 June 2008 <http://www.w3.org/TR/xmldsig-core/>." > XPointer XML Pointer Language (XPointer), W3C Recommendation, 8 June 2001 <http://www.w3.org/TR/xptr>." > - XMPP DSIG XMPP Digital Signatures <http://xmpp.org/extensions/inbox/dsig.html>." >%ents; + XMPP DSIG Encapsulated Digital Signatures in XMPP <http://xmpp.org/extensions/inbox/encapsulated-signatures.html>." >%ents; ]> @@ -35,6 +35,15 @@ N/A &kdz; + + 0.3 + 201l-01-12 + kdz + +

Update discussions based upon introduction of Encapsulated Digital Signatures in XMPP, + an alternative to XEP-0285.

+
+
0.2 2010-09-29 @@ -243,14 +252,12 @@

At the time of this writing, XMPP E2E has not been widely implemented. XMPP E2E appears to have limited applicability.

- -

The &xep0285; (XMPP DSIG), like the XMPP E2E, uses an encapsulating - signature to protects the signed content from alteration as it is exchanged over an XMPP - network. XMPP DSIG avoids certain dependencies which are believed to have hindered - implementation of XMPP E2E. It is hoped that the XMPP DSIG will prove to be more viable - solution than XMPP E2E. Like XMPP E2E, XMPP DSIG does not support optimistic signing.

-

At the time of this writing, XMPP DSIG was just introduced.

-

+ +

The &xep0027; (XMPP PGP), like the XMPP E2E, uses an encapsulating signature to protects + the signed content from alteration as it is exchanged over an XMPP network. Like + XMPP E2E, it is intended to be an end-to-end solution.

+

At the time of this writing, XMPP PGP has not been widely implemented (though some + implementations do exist). XMPP PGP appears to have limited applicability.

Alternative approaches have been developed. For instance, the Cross Domain Collaborative @@ -265,14 +272,22 @@

While this approach has been implemented and deployed to some extent, the approach appears to have applicability limited to the CDCIE.

+ +

The &xmpp-dsig-new; (XMPP DSIG) is an encapsulated signature proposal similar to + that encapsulated approach suggested below.

+

Unlike CDCIE-CCP approach, XMPP DSIG signatures are not "enveloped" signatures over the + whole stanza but signatures over a manifest and descriptive objects detailing the stanza + contents.

+

An encapsulating signature is a signature approach that encapsulates the signed content within the signature syntax. An encapsulated signature is a signature approach where the - signature syntax in encapsulated within the structure of the signed content. XMPP E2E and - XMPP DSIG are examples of the former. CDCIE-CCP is an example of the latter.

+ signature syntax in encapsulated within the structure of the signed content. XMPP E2E + and XMPP PGP are examples of the former. CDCIE-CCP and XMPP DSIG are examples + of the latter.

The following example illustrates, using pseudo language, an encapsulating signature over a &MESSAGE; stanza.

@@ -311,8 +326,8 @@ ]]> -

Applicability of a simple (non-nesting) encapsulating signatures, such as in XMPP E2E and - XMPP DSIG, are generally limited to end-to-end use cases. That is, cases where the +

Applicability of a simple (non-nesting) encapsulating signatures, such as in XMPP E2E + and XMPP PGP, are generally limited to end-to-end use cases. That is, cases where the originator of a stanza signs the stanza and send it through the XMPP network to its intended recipient, and only the intended recipient is expected to make use of the signed content. Entities between the signer and the intended recipient are expected to forward of the stanza @@ -456,12 +471,12 @@ - + message chat juliet@example.com romeo@example.net - + diff --git a/xep-0285.xml b/xep-0285.xml index ffb6aa2b..d369bd81 100755 --- a/xep-0285.xml +++ b/xep-0285.xml @@ -10,9 +10,9 @@
- Digital Signatures in XMPP - This document provides a technical specification for Digital Signatures in the - Extensible Messaging and Presence Protocol (XMPP). &LEGALNOTICE; + Encapsulating Digital Signatures in XMPP + This document provides a technical specification for Encapsulating Digital Signatures + in the Extensible Messaging and Presence Protocol (XMPP). &LEGALNOTICE; 0285 Experimental Standards Track @@ -26,6 +26,13 @@ N/A &kdz; + + 0.3 + 2011-01-12 + kdz +

Change title, and clarify in text, that this is an encapulating digital + signature approach, an alternative to the encapulated digitial signatures proposal.

+
0.2 2010-09-29 @@ -49,6 +56,9 @@
+

This document is one of two proposals for digital signatures in XMPP. It is expected + that only one of these proposals be progressed beyond Experimental on the Standards Track.

+

This document provides a technical specification for Digital Signatures in Extensible Messaging and Presence Protocol (&xmpp;) based upon End-to-End Object Encryption (&E2EEncrypt;) "work in progress".

@@ -59,9 +69,11 @@ referred to as an "offline message"). The authors surmise that RFC 3923 has not been implemented mainly because it adds several new dependencies to XMPP clients, especially MIME (along with the CPIM and MSGFMT media types).

-

This document explores the possibility of an - approach that is similar to but simpler than RFC 3923. Like the approach detailed in RFC 3923, - the approach detailed does not support optimistic signing.

+

This document explores the possibility of an approach that is similar to but simpler than + RFC 3923. Like the approach detailed in RFC 3923, the approach utilizes encapsulating + digital signatures.

+

Like other encapsulating signature approaches (e.g., &xep0027;), this approach does not + support optimistic signing.

The process that a sending agent follows for securing stanzas is very similar regardless of
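Review bot: The 0.3 revision entry added to xep-0274.xml (hunk -35,6) gives its date as "201l-01-12", with a lowercase letter l where the last digit of the year belongs. The matching entry added to xep-0285.xml reads 2011-01-12. Change it to 2011-01-12 so the revision date is valid.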
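Review bot: The XMPP PGP paragraph added in the -243,14 hunk of xep-0274.xml drops the statement on optimistic signing that the removed XMPP DSIG paragraph carried ("does not support optimistic signing"). The xep-0285.xml part of this patch says encapsulating approaches such as &xep0027; do not support it, so say the same here to keep the comparison between approaches complete. The added line also keeps the slip "to protects"; make it "to protect".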
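Review bot: In the -265,14 hunk of xep-0274.xml the short name "XMPP DSIG" now refers to &xmpp-dsig-new;, while the lines removed in the previous hunk used the same name for &xep0285;, so readers of earlier revisions can misread which proposal is meant. The rewritten list of encapsulating examples (XMPP E2E and XMPP PGP) also no longer mentions XEP-0285, although the 0.3 revision note calls the new proposal an alternative to it. Either give the new proposal a distinct short name or list XEP-0285 among the encapsulating examples. Wording to fix on the added lines: "similar to that encapsulated approach", "Unlike CDCIE-CCP approach" (missing "the"), and "signature syntax in encapsulated" (should be "is encapsulated").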
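Review bot: The 0.3 revision note added to xep-0285.xml (hunk -26,6) misspells three words: "encapulating", "encapulated" and "digitial". Correct them to "encapsulating", "encapsulated" and "digital" so the note matches the terms used in the new title.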
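Review bot: The paragraph added in the -49,6 hunk of xep-0285.xml says the document is "one of two proposals for digital signatures in XMPP" without naming or referencing the other one, so a reader cannot find the alternative. Add a reference to it. The unchanged sentence that follows still reads "a technical specification for Digital Signatures" although the title and abstract now say "Encapsulating Digital Signatures"; align it with the new title.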