Merge branches 'feature/xep-0391', 'feature/xep-0060', 'feature/protoxep-cap' and 'feature/protoxep-jet-omemo'

This commit is contained in:
Jonas Wielicki 2017-10-10 08:32:42 +02:00
commit 746cbc7f38
3 changed files with 300 additions and 53 deletions

View File

@ -22,6 +22,18 @@
<remark><p>Use a custom item value (CAP-V).</p></remark>
<remark><p>Use PubSub publish-options preconditions.</p></remark>
@ -50,28 +62,91 @@
<section1 topic='Compare-And-Publish PubSub Items' anchor='cap'>
<p>In order to atomically compare-and-publish an item, a client
sends an &IQ; with a 'pubsub' element qualified by the
'urn:xmpp:pubsub:cap:0' namespace. The element MUST contain the same
attributes and elements as the &lt;publish/&gt; element defined in
&xep0060; <em>and</em> it MUST contain a previd attribute containing
an item ID.</p>
<section2 topic='PubSub Item Compare-And-Publish Value (CAP-V)' anchor='cap-v'>
<p>The PubSub service MUST only publish the item if the node's
latest item ID is equal to the ID found in the 'previd'
<p>PubSub services supporting the Compare-And-Publish PubSub extension MUST include a Comapre-and-Publish value
(CAP-V) for every item in every response. The CAP-V value MUST change if the content of the item changed and
different item content under the same node MUST NOT yield the same CAP-V. A simple computation of the CAP-ID would
be to hash the String representation of the item's content.</p>
<example caption='Publisher publishes an item using Compare-And-Publish'><![CDATA[
<p>CAP-Vs are assoicated with PubSub node's items via the item ID. The maping information is placed by the PubSub
service in a &lt;cap-v-map/&gt; extension element, qualified by the 'urn:xmpp:pubsub:cap:0' namespace, as child
element of the &lt;items/&gt; element. The &lt;cap-v-map/&gt; element contains one or more &lt;cap-v-map-entry/&gt;
elements, of which each MUST have a 'item-id' and a 'cap-value' attribute. The former contains the PubSub item ID
value and the later contains the according CAP-V of the item.</p>
<example caption='Service returns some items and their according CAP-Vs'><![CDATA[
<iq type='result'
<pubsub xmlns=''>
<items node='princely_musings'>
<item id='368866411b877c30064a5f62b917cffe'>
<entry xmlns=''>
<title>The Uses of This World</title>
O, that this too too solid flesh would melt
Thaw and resolve itself into a dew!
<item id='3300659945416e274474e469a1f0154c'>
<entry xmlns=''>
<title>Ghostly Encounters</title>
O all you host of heaven! O earth! what else?
And shall I couple hell? O, fie! Hold, hold, my heart;
And you, my sinews, grow not instant old,
But bear me stiffly up. Remember thee!
<item id='4e30f35051b7b8b42abe083742187228'>
<entry xmlns=''>
Now I am alone.
O, what a rogue and peasant slave am I!
<cap-v-map xmlns='urn:xmpp:pubsub:cap:0'>
<section2 topic='PubSub publishing using Compare-And-Publish'>
<p>In order to atomically compare-and-publish an item, a client sends a <cite>XEP-0060</cite> &lt;publish/&gt; IQ
with a 'pubsub#prev_item_cap_value' precondition publishing option, set to the value of the currently assumed CAP-V
of the latest item of the node.</p>
<p>The PubSub service MUST only publish the item if the node's latest item CAP-V is equal to the
CAP-V found in the 'pubsub#prev_item_cap_value' field.</p>
<example caption='Atomically publishing with Compare-And-Publish'><![CDATA[
<iq type='set'
<pubsub xmlns='urn:xmpp:pubsub:cap:0'>
<entry xmlns=''>
<pubsub xmlns=''>
<publish node='princely_musings'>
<item id='2'>
<entry xmlns=''>
To be, or not to be: that is the question:
@ -80,63 +155,73 @@ The slings and arrows of outrageous fortune,
Or to take arms against a sea of troubles,
And by opposing end them?
<link rel='alternate' type='text/html'
<x xmlns='jabber:x:data' type='submit'>
<field var='FORM_TYPE' type='hidden'>
<field var='pubsub#prev_item_cap_value'>
<section2 topic='Successfully published an item using Compare-And-Publish'>
<p>If the 'previd' matched the latest item's ID and if the service
was able to successfully process the request then the protocol
continues as defined in <cite>XEP-0060 7.1.2</cite>.</p>
<section2 topic='Could not publish because newest item ID did not match'>
<p>In case the Compare-And-Publish operation failed because the
latest node id is not the same as given in the 'previd' attribute
in the request, the server returns an &IQ; result with 'pubsub'
element qualified by the 'urn:xmpp:pubsub:cap:0' namespace which
contains a &lt;compare-and-publish-failed/&gt; element. The
element MUST have a 'id' attribute with the ID of the lastest
<p>In case the Compare-And-Publish operation failed because the latest node id is not the same
as given in the 'previd' attribute in the request, the server returns an &lt;conflict/&gt; error
of type 'modify' which a pubsub-specific condition of &lt;precondition-not-met/&gt; and a
&lt;compare-and-publish-failed/&gt; element qualifed by the 'urn:xmpp:pubsub:cap:0'
namespace. The element MUST have a 'cap-id' attribute with the CAP-V of the lastest item.</p>
<example caption='Service returns IQ response notifying of failed Compare-And-Publish operation'><![CDATA[
<iq type='result'
<example caption='Service returns IQ response notifying of failed Compare-And-Publish operation'><![CDATA[
<iq type='error'
<pubsub xmlns='urn:xmpp:pubsub:cap:0'>
<compare-and-publish-failed id='2'/>
<error type='modify'>
<conflict xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<precondition-not-met xmlns=''/>
<compare-and-publish-failed xmlns='urn:xmpp:pubsub:cap:0' cap-id='2'/>
<section2 topic='Error cases'>
<p>All other error cases are handled as specified in
<cite>XEP-0060 § 7.1.3</cite></p>
<section1 topic='Rationale' anchor='rationale'>
<p>Unfortunately it was not possible to re-use the PubSub item ID for the "Atomically
Compare-And-Publish" purpose. This is mostly due <cite>XEP-0060 § 12.8</cite> stating that:</p>
<p class='box'>
"If a publisher publishes an item and the ItemID
matches that of an existing item, the pubsub service MUST overwrite the existing item and generate a new event
<p> Which means that the content of an item could change without its ID, rendering the item ID
unusable for CAP. </p>
<p>Injecting a "cap"-namespaced attribute carrying the item's CAP-V into PubSub's &lt;item/&gt;
would be a very elegant approach to assign CAP-Vs to PubSub items (and the favored one of the
XEP's author). But the usage of namespaces attributes within XMPP is controversial. Therefore this
XEP resorts to using the &lt;cap-v-map/&gt; approach for now.</p>
<section1 topic='Security Considerations' anchor='security'>
<p>This extension protocol does not add any further security
considerations to the ones mentioned in <cite>XEP-0060 §
<p>This extension protocol does not add any further security considerations to the ones mentioned
in <cite>XEP-0060 § 14.</cite>.</p>
@ -153,17 +238,39 @@ And by opposing end them?
<code caption='Registry Submission'><![CDATA[
<code caption='Registry Submission'><![CDATA[
<desc>Indicates support for Compare-And-Publish</desc>
<desc>Indicates support for Compare-And-Publish</desc>
<p>This specification defines the following &lt;publish-options/&gt; fields:</p>
<code caption='Registry Submission'><![CDATA[
<field var='pubsub#prev_item_cap_value'
label='Precondition: The assumed value of the latest item&apos; CAP-V of the node'/>]]></code>
<section1 topic='XML Schema' anchor='schema'>
<p>TODO: Add after the XEP leaves the 'experimental' state.</p>
<section1 topic='Acknowledgements' anchor='acknowledgements'>
<p>Thanks to Kim Alvefur and Dave Cridland for their feedback.</p>
<!-- Local Variables: -->
<!-- fill-column: 100 -->
<!-- indent-tabs-mode: nil -->
<!-- End: -->

inbox/jet-omemo.xml Normal file
View File

@ -0,0 +1,133 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE xep SYSTEM 'xep.dtd' [
<!ENTITY secret "&lt;secret/&gt;">
<!ENTITY % ents SYSTEM 'xep.ent'>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<title>Jingle Encrypted Transports - OMEMO</title>
<abstract>Extension for JET introducing OMEMO End-to-End Encrypted Jingle Transports.</abstract>
<type>Standards Track</type>
<remark><p>First draft</p></remark>
<section1 topic='Introduction' anchor='intro'>
<p>&xep0391; can be used to utilize different end-to-end encryption methods to secure Jingle Transports, eg. in the context of &xep0234;. This document aims to extend &xep0391; to allow the use of OMEMO encryption with Jingle transports. To achieve this goal, this protocol extension makes use of OMEMOs <link url=''>KeyTransportElements</link>.</p>
<section1 topic='Mappings' anchor='mappings'>
<p>Conveniently the OMEMO protocol already provides a way to transport key material to another entity. So called KeyTransportElements are basically normal OMEMO MessageElements, but without a payload, so the contained key can be used for something else (See Section 4.6 of <cite>XEP-0384</cite>). This extension uses the key encrypted in the KeyTransportMessages &lt;key&gt; attribute and initialization vector from the &lt;iv&gt; attribute to secure Jingle Transports. The key corresponds to the <cite>Transport Key</cite> of <cite>XEP-0391</cite>, while the iv corresponds to the <cite>Initialization Vector</cite>. The KeyTransportMessage is the equivalent to the <cite>Envelope Element</cite>. Note that within the Envelope Element, the Transport Key is encrypted with the OMEMO ratchet.</p>
<section1 topic='Limitaions' anchor='limitations'>
<p>Unfortunately &xep0384; determines the type of the transported key to be AES-128-GCM-NoPadding, so no other configuration can be used in the context of this extension.</p>
<p>Since OMEMO deviceIds are not bound to XMPP resources, the initiator MUST encrypt the Transport Key for every device of the recipient.</p>
<section1 topic='Key Transport' anchor='transport'>
<p>In order to transport a key to the responder, the initiator creates a fresh AES-128-GCM-NoPadding Transport Key and Initialization Vector and generates an OMEMO KeyTransportElement from it as described in <cite>XEP-0384</cite>. This is then added as a child of the JET &lt;security&gt; element. The 'cipher' attribute MUST be set to 'aes-128-gcm-nopadding:0' (see the <link url=''>ciphers</link> section of <cite>XEP-0391</cite>). The value of the 'type' attribute must be set to the namespace of the used version of <cite>XEP-0384</cite> &VNOTE;.</p>
<example caption="Romeo initiates an OMEMO encrypted file offer"><![CDATA[
<iq from='romeo@montague.example/dr4hcr0st3lup4c'
<jingle xmlns='urn:xmpp:jingle:1'
<content creator='initiator' name='a-file-offer' senders='initiator'>
<description xmlns='urn:xmpp:jingle:apps:file-transfer:5'>
<desc>This is a test. If this were a real file...</desc>
<hash xmlns='urn:xmpp:hashes:2'
<transport xmlns='urn:xmpp:jingle:transports:s5b:1'
<candidate cid='hft54dqy'
<security xmlns='urn:xmpp:jingle:jet:0'
<encrypted xmlns='eu.siacs.conversations.axolotl'>
<header sid='27183'>
<key rid='31415'>BASE64ENCODED...</key>
<key prekey="true" rid='12321'>BASE64ENCODED...</key>
<!-- ... -->
<p>The recipient decrypts the OMEMO KeyTransportElement to retrieve the Transport Secret. Transport Key and Initialization Vector are later used to encrypt/decrypt data as described in &xep0391;.</p>
<section1 topic='Determining Support' anchor='support'>
<p>To advertise its support for JET-OMEMO, when replying to service discovery information ("disco#info") requests an entity MUST return URNs for any version of this extension, as well as of the JET extension that the entity supports -- e.g., "urn:xmpp:jingle:jet-omemo:0" for this version, or "urn:xmpp:jingle:jet:0" for &xep0391; &VNOTE;.</p>
<example caption="Service discovery information request"><![CDATA[
<iq from='romeo@montague.example/dr4hcr0st3lup4c'
<query xmlns=''/>
<example caption="Service discovery information response"><![CDATA[
<iq from='juliet@capulet.example/yn0cl4bnw0yr3vym'
<query xmlns=''>
<feature var='urn:xmpp:jingle:jet:0'/>
<feature var='urn:xmpp:jingle:jet-omemo:0'/>
<p>In order for an application to determine whether an entity supports this protocol, where possible it SHOULD use the dynamic, presence-based profile of service discovery defined in &xep0115;. However, if an application has not received entity capabilities information from an entity, it SHOULD use explicit service discovery instead.</p>

View File

@ -20,6 +20,7 @@
<spec>XMPP Core</spec>
@ -49,6 +50,12 @@
<initials>fs (XEP Editor: jwi)</initials>
<remark><p>Add missing dependency on XEP-0059.</p></remark>