XEP 274 and XEP 285 updates

Kurt Zeilenga 2011-01-12 11:18:23 -08:00
parent a6b90f6a7b
commit 6a6f013f4e
2 changed files with 48 additions and 21 deletions

View File

@ -14,7 +14,7 @@
<!ENTITY CDCIE-CCP "<span class='ref'>CDCIE-CCP</span> <note>Cross Domain Collaborative Information Environment (CDCIE) Chat Client Protocol Specification, Version 2.0, Trident Systems, Inc., 12 March 2008</note>" > <!ENTITY CDCIE-CCP "<span class='ref'>CDCIE-CCP</span> <note>Cross Domain Collaborative Information Environment (CDCIE) Chat Client Protocol Specification, Version 2.0, Trident Systems, Inc., 12 March 2008</note>" >
<!ENTITY XMLDSIG "<span class='ref'><link url='http://www.w3.org/TR/xmldsig-core/'>XMLDSIG</link></span> <note>XML Signature Syntax and Processing, W3C Recommendation, 10 June 2008 &lt;<link url='http://www.w3.org/TR/xmldsig-core/'>http://www.w3.org/TR/xmldsig-core/</link>&gt;.</note>" > <!ENTITY XMLDSIG "<span class='ref'><link url='http://www.w3.org/TR/xmldsig-core/'>XMLDSIG</link></span> <note>XML Signature Syntax and Processing, W3C Recommendation, 10 June 2008 &lt;<link url='http://www.w3.org/TR/xmldsig-core/'>http://www.w3.org/TR/xmldsig-core/</link>&gt;.</note>" >
<!ENTITY XPointer "<span class='ref'><link url='http://www.w3.org/TR/xptr'>XPointer</link></span> <note>XML Pointer Language (XPointer), W3C Recommendation, 8 June 2001 &lt;<link url='http://www.w3.org/TR/xptr'>http://www.w3.org/TR/xptr</link>&gt;.</note>" > <!ENTITY XPointer "<span class='ref'><link url='http://www.w3.org/TR/xptr'>XPointer</link></span> <note>XML Pointer Language (XPointer), W3C Recommendation, 8 June 2001 &lt;<link url='http://www.w3.org/TR/xptr'>http://www.w3.org/TR/xptr</link>&gt;.</note>" >
<!ENTITY xmppdsig "<span class='ref'><link url='http://xmpp.org/extensions/inbox/dsig.html'>XMPP DSIG</link></span> <note>XMPP Digital Signatures &lt;<link url='http://xmpp.org/extensions/inbox/dsig.html'>http://xmpp.org/extensions/inbox/dsig.html</link>&gt;.</note>" >%ents; <!ENTITY xmpp-dsig-new "<span class='ref'><link url='http://xmpp.org/extensions/inbox/encapsulated-signatures.html'>XMPP DSIG</link></span> <note>Encapsulated Digital Signatures in XMPP &lt;<link url='http://xmpp.org/extensions/inbox/encapsulated-signatures.html'>http://xmpp.org/extensions/inbox/encapsulated-signatures.html</link>&gt;.</note>" >%ents;
]> ]>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?> <?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep> <xep>
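Review bot: the renamed entity `xmpp-dsig-new` keeps the visible link text "XMPP DSIG" from the old `xmppdsig` entity even though it now points at a different document (encapsulated-signatures.html, "Encapsulated Digital Signatures in XMPP"), so the rendered reference is indistinguishable from the label this document also uses for the encapsulating proposal. Consider a distinct short label in the `<link>` text (for instance one matching the new `xmpp-ed-dsig` anchor) so readers can tell the two proposals apart. Minor: `%ents;` is glued onto the closing `>` of the entity declaration on the same line; a line break before it would keep the entity block readable.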
@ -35,6 +35,15 @@
<supersededby/> <supersededby/>
<shortname>N/A</shortname> <shortname>N/A</shortname>
&kdz; &kdz;
<revision>
<version>0.3</version>
<date>201l-01-12</date>
<initials>kdz</initials>
<remark>
<p>Update discussions based upon introduction of Encapsulated Digital Signatures in XMPP,
an alternative to XEP-0285.</p>
</remark>
</revision>
<revision> <revision>
<version>0.2</version> <version>0.2</version>
<date>2010-09-29</date> <date>2010-09-29</date>
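Review bot: typo in the new revision entry, `<date>201l-01-12</date>` has a lowercase letter "l" where the digit "1" belongs; it should read `2011-01-12`, matching the commit date and the revision 0.3 entry added to XEP-0285 in this same commit. As written the date will not parse as an ISO date when the stylesheet or tooling processes the header.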
@ -243,14 +252,12 @@
<p>At the time of this writing, XMPP E2E has not been widely implemented. XMPP E2E appears to <p>At the time of this writing, XMPP E2E has not been widely implemented. XMPP E2E appears to
have limited applicability. </p> have limited applicability. </p>
</section2> </section2>
<section2 topic="XMPP DSIG" anchor="xmpp-dsig"> <section2 topic="PGP signatures in XMPP" anchor="xmpp-e2e">
<p>The &xep0285; (XMPP DSIG), like the XMPP E2E, uses an encapsulating <p>The &xep0027; (XMPP PGP), like the XMPP E2E, uses an encapsulating signature to protects
signature to protects the signed content from alteration as it is exchanged over an XMPP the signed content from alteration as it is exchanged over an XMPP network. Like
network. XMPP DSIG avoids certain dependencies which are believed to have hindered XMPP E2E, it is intended to be an end-to-end solution.</p>
implementation of XMPP E2E. It is hoped that the XMPP DSIG will prove to be more viable <p>At the time of this writing, XMPP PGP has not been widely implemented (though some
solution than XMPP E2E. Like XMPP E2E, XMPP DSIG does not support <em>optimistic signing</em>.</p> implementations do exist). XMPP PGP appears to have limited applicability.</p>
<p>At the time of this writing, XMPP DSIG was just introduced.</p>
<p/>
</section2> </section2>
<section2 topic="CDCIE-CCP" anchor="cdcie-ccp"> <section2 topic="CDCIE-CCP" anchor="cdcie-ccp">
<p>Alternative approaches have been developed. For instance, the Cross Domain Collaborative <p>Alternative approaches have been developed. For instance, the Cross Domain Collaborative
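Review bot: the new `<section2 topic="PGP signatures in XMPP" anchor="xmpp-e2e">` carries an anchor named for XMPP E2E, not PGP; this looks copied from the E2E section immediately above and, if that section already uses `xmpp-e2e`, produces a duplicate anchor in the rendered document. Suggest `anchor="xmpp-pgp"`. While touching this paragraph, "uses an encapsulating signature to protects the signed content" should be "to protect".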
@ -265,14 +272,22 @@
<p>While this approach has been implemented and deployed to some extent, the approach appears <p>While this approach has been implemented and deployed to some extent, the approach appears
to have applicability limited to the CDCIE.</p> to have applicability limited to the CDCIE.</p>
</section2> </section2>
<section2 topic="Encapsulated Digitial Signatures in XMPP" anchor="xmpp-ed-dsig">
<p>The &xmpp-dsig-new; (XMPP DSIG) is an encapsulated signature proposal similar to
that encapsulated approach suggested below.</p>
<p>Unlike CDCIE-CCP approach, XMPP DSIG signatures are not "enveloped" signatures over the
whole stanza but signatures over a manifest and descriptive objects detailing the stanza
contents.</p>
</section2>
</section1> </section1>
<section1 topic="Protocol Design Discussion" anchor="design"> <section1 topic="Protocol Design Discussion" anchor="design">
<section2 topic="Encapsulated v. Encapsulating Signatures" anchor="encap"> <section2 topic="Encapsulated v. Encapsulating Signatures" anchor="encap">
<p>An encapsulating signature is a signature approach that encapsulates the signed content <p>An encapsulating signature is a signature approach that encapsulates the signed content
within the signature syntax. An encapsulated signature is a signature approach where the within the signature syntax. An encapsulated signature is a signature approach where the
signature syntax in encapsulated within the structure of the signed content. XMPP E2E and signature syntax in encapsulated within the structure of the signed content. XMPP E2E
XMPP DSIG are examples of the former. CDCIE-CCP is an example of the latter.</p> and XMPP PGP are examples of the former. CDCIE-CCP and XMPP DSIG are examples
of the latter.</p>
<p>The following example illustrates, using pseudo language, an encapsulating signature over a <p>The following example illustrates, using pseudo language, an encapsulating signature over a
&MESSAGE; stanza.</p> &MESSAGE; stanza.</p>
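Review bot: typo in the new section heading, `topic="Encapsulated Digitial Signatures in XMPP"` should be "Digital"; this attribute is rendered as the visible section title. In the body, "similar to that encapsulated approach suggested below" reads better as "similar to the encapsulated approach suggested below", and "Unlike CDCIE-CCP approach" is missing "the". The unchanged design-discussion text on the right still has "signature syntax in encapsulated within" (should be "is encapsulated"); since the sentence after it is being edited, this is a good moment to fix it.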
@ -311,8 +326,8 @@
</encapsulated-signature> </encapsulated-signature>
</message> </message>
]]></example> ]]></example>
<p>Applicability of a simple (non-nesting) encapsulating signatures, such as in XMPP E2E and <p>Applicability of a simple (non-nesting) encapsulating signatures, such as in XMPP E2E
XMPP DSIG, are generally limited to end-to-end use cases. That is, cases where the and XMPP PGP, are generally limited to end-to-end use cases. That is, cases where the
originator of a stanza signs the stanza and send it through the XMPP network to its intended originator of a stanza signs the stanza and send it through the XMPP network to its intended
recipient, and only the intended recipient is expected to make use of the signed content. recipient, and only the intended recipient is expected to make use of the signed content.
Entities between the signer and the intended recipient are expected to forward of the stanza Entities between the signer and the intended recipient are expected to forward of the stanza
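Review bot: the edited sentence keeps the pre-existing grammar problems: "Applicability of a simple (non-nesting) encapsulating signatures ... are generally limited" mixes singular and plural (either "Applicability of simple ... signatures ... is generally limited" or "Simple ... signatures ... are generally limited"), "send it through the XMPP network" should be "sends it", and "expected to forward of the stanza" has a stray "of". Since the line is already being changed to swap XMPP DSIG for XMPP PGP, fixing these here avoids a second pass.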
@ -456,12 +471,12 @@
</Manifest> </Manifest>
</Object> </Object>
<Object> <Object>
<XMPPprop id='X-xmppprop'> <XMPPproperties id='X-xmppprop'>
<stanza>message</stanza> <stanza>message</stanza>
<type>chat</type> <type>chat</type>
<from>juliet@example.com</from> <from>juliet@example.com</from>
<to>romeo@example.net</to> <to>romeo@example.net</to>
</XMPPStanza> </XMPPproperties>
</Object> </Object>
<Object> <Object>
<SignatureProperties id="X-sigprop" Target="#X-sig"> <SignatureProperties id="X-sigprop" Target="#X-sig">
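Review bot: good catch on the example, the old `<XMPPprop id='X-xmppprop'>` was closed by `</XMPPStanza>`, so the example was not well-formed XML; renaming both ends to `XMPPproperties` fixes that. The `id='X-xmppprop'` value is unchanged, so any `#X-xmppprop` reference from the Manifest above stays valid. Minor: the new element uses single quotes for `id` while the neighbouring `<SignatureProperties id="X-sigprop" Target="#X-sig">` uses double quotes; consistent quoting inside one example would be tidier.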

View File

@ -10,9 +10,9 @@
<?xml-stylesheet type='text/xsl' href='xep.xsl'?> <?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep> <xep>
<header> <header>
<title>Digital Signatures in XMPP</title> <title>Encapsulating Digital Signatures in XMPP</title>
<abstract>This document provides a technical specification for Digital Signatures in the <abstract>This document provides a technical specification for Encapsulating Digital Signatures
Extensible Messaging and Presence Protocol (XMPP).</abstract> &LEGALNOTICE; in the Extensible Messaging and Presence Protocol (XMPP).</abstract> &LEGALNOTICE;
<number>0285</number> <number>0285</number>
<status>Experimental</status> <status>Experimental</status>
<type>Standards Track</type> <type>Standards Track</type>
@ -26,6 +26,13 @@
<supersededby/> <supersededby/>
<shortname>N/A</shortname> <shortname>N/A</shortname>
&kdz; &kdz;
<revision>
<version>0.3</version>
<date>2011-01-12</date>
<initials>kdz</initials>
<remark><p>Change title, and clarify in text, that this is an encapulating digital
signature approach, an alternative to the encapulated digitial signatures proposal.</p></remark>
</revision>
<revision> <revision>
<version>0.2</version> <version>0.2</version>
<date>2010-09-29</date> <date>2010-09-29</date>
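Review bot: two typos in the new revision remark, "encapulating" (twice, should be "encapsulating") and "digitial" (should be "digital"); these are rendered in the revision history. The remark's wording "clarify in text, that this is an ... approach" would read better without the comma.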
@ -49,6 +56,9 @@
</header> </header>
<section1 topic="Introduction" anchor="intro"> <section1 topic="Introduction" anchor="intro">
<p class='box'><em>This document is one of two proposals for digital signatures in XMPP. It is expected
that only one of these proposals be progressed beyond Experimental on the Standards Track.</em></p>
<p>This document provides a technical specification for Digital Signatures in Extensible <p>This document provides a technical specification for Digital Signatures in Extensible
Messaging and Presence Protocol (&xmpp;) based upon End-to-End Object Encryption Messaging and Presence Protocol (&xmpp;) based upon End-to-End Object Encryption
(&E2EEncrypt;) "work in progress".</p> (&E2EEncrypt;) "work in progress".</p>
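Review bot: the new boxed note says "It is expected that only one of these proposals be progressed beyond Experimental"; "will be progressed" (or "is expected to progress") is the intended grammar. Also, the title in this commit is changed to "Encapsulating Digital Signatures in XMPP" but the unchanged first sentence of the Introduction still says "a technical specification for Digital Signatures in Extensible Messaging and Presence Protocol"; updating it to match the new title and abstract would keep the document self-consistent, which is the stated purpose of this revision.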
@ -59,9 +69,11 @@
referred to as an "offline message"). The authors surmise that RFC 3923 has not been referred to as an "offline message"). The authors surmise that RFC 3923 has not been
implemented mainly because it adds several new dependencies to XMPP clients, especially MIME implemented mainly because it adds several new dependencies to XMPP clients, especially MIME
(along with the CPIM and MSGFMT media types).</p> (along with the CPIM and MSGFMT media types).</p>
<p>This document explores the possibility of an <p>This document explores the possibility of an approach that is similar to but simpler than
approach that is similar to but simpler than RFC 3923. Like the approach detailed in RFC 3923, RFC 3923. Like the approach detailed in RFC 3923, the approach utilizes encapsulating
the approach detailed does not support <em>optimistic signing</em>.</p> digital signatures.</p>
<p>Like other encapsulating signature approaches (e.g., &xep0027;), this approach does not
support <em>optimistic signing</em>.</p>
</section1> </section1>
<section1 topic="Signing XMPP Stanzas" anchor="stanza"> <section1 topic="Signing XMPP Stanzas" anchor="stanza">
<p>The process that a sending agent follows for securing stanzas is very similar regardless of <p>The process that a sending agent follows for securing stanzas is very similar regardless of