|
|
|
@ -24,6 +24,12 @@
@@ -24,6 +24,12 @@
|
|
|
|
|
<supersededby/> |
|
|
|
|
<shortname>burner</shortname> |
|
|
|
|
&sam; |
|
|
|
|
<revision> |
|
|
|
|
<version>0.1.1</version> |
|
|
|
|
<date>2017-01-28</date> |
|
|
|
|
<initials>ssw</initials> |
|
|
|
|
<remark><p>Improve security considerations.</p></remark> |
|
|
|
|
</revision> |
|
|
|
|
<revision> |
|
|
|
|
<version>0.1</version> |
|
|
|
|
<date>2016-12-07</date> |
|
|
|
@ -176,18 +182,21 @@
@@ -176,18 +182,21 @@
|
|
|
|
|
</section1> |
|
|
|
|
<section1 topic='Security Considerations' anchor='security'> |
|
|
|
|
<p> |
|
|
|
|
To prevent burner JIDs from being abused for spamming, implementations |
|
|
|
|
SHOULD rate limit all burner JIDs in use by an authentication identity as a |
|
|
|
|
single unit. |
|
|
|
|
To prevent burner JIDs from being abused for spamming, implementations MAY |
|
|
|
|
rate limit all burner JIDs in use by an authn identity as a single unit. |
|
|
|
|
However, be advised that this may provide a third party that can monitor |
|
|
|
|
traffic patterns with the ability to determine what burner JIDs belong to |
|
|
|
|
the same user. |
|
|
|
|
To prevent a burner JIDs authn identity from being discovered the same way, |
|
|
|
|
burner JIDs SHOULD NOT share a rate limit with their authn identity. |
|
|
|
|
</p> |
|
|
|
|
<p> |
|
|
|
|
If TLS channel binding information is encoded in the burner JID it is |
|
|
|
|
RECOMMENDED that the tls-unique channel binding value be used as defined by |
|
|
|
|
&rfc5929; §3. |
|
|
|
|
However, for resumed sessions the JIDs SHOULD be considered invalid unless |
|
|
|
|
the master-secret fix from &rfc7627; has been implemented because otherwise |
|
|
|
|
resumption does not include enough context to successfully verify the |
|
|
|
|
binding. |
|
|
|
|
If TLS channel binding information is encoded in the local part of the |
|
|
|
|
burner JID it is RECOMMENDED that the tls-unique channel binding value be |
|
|
|
|
used as defined by &rfc5929; §3. |
|
|
|
|
Note that unless the master-secret fix from &rfc7627; has been implemented |
|
|
|
|
channel binding information does not include enough context to successfully |
|
|
|
|
verify the binding when resuming a TLS session. |
|
|
|
|
</p> |
|
|
|
|
<p> |
|
|
|
|
Implementations that choose to encode information in the localpart of burner |
|
|
|
|