moparisthebest
/
xeps
mirror of https://github.com/moparisthebest/xeps
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

XEP-0383: Improve Security Considerations

hacx
Sam Whited 6 years ago
parent
4ba979c91f
commit
7a4bd56087
1 changed files with 19 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 29
      xep-0383.xml

29
xep-0383.xml
Unescape View File

@ -24,6 +24,12 @@ @@ -24,6 +24,12 @@
<supersededby/>
<shortname>burner</shortname>
&sam;
<revision>
<version>0.1.1</version>
<date>2017-01-28</date>
<initials>ssw</initials>
<remark><p>Improve security considerations.</p></remark>
</revision>
<revision>
<version>0.1</version>
<date>2016-12-07</date>
@ -176,18 +182,21 @@ @@ -176,18 +182,21 @@
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>
To prevent burner JIDs from being abused for spamming, implementations
SHOULD rate limit all burner JIDs in use by an authentication identity as a
single unit.
To prevent burner JIDs from being abused for spamming, implementations MAY
rate limit all burner JIDs in use by an authn identity as a single unit.
However, be advised that this may provide a third party that can monitor
traffic patterns with the ability to determine what burner JIDs belong to
the same user.
To prevent a burner JIDs authn identity from being discovered the same way,
burner JIDs SHOULD NOT share a rate limit with their authn identity.
</p>
<p>
If TLS channel binding information is encoded in the burner JID it is
RECOMMENDED that the tls-unique channel binding value be used as defined by
&rfc5929; &sect;3.
However, for resumed sessions the JIDs SHOULD be considered invalid unless
the master-secret fix from &rfc7627; has been implemented because otherwise
resumption does not include enough context to successfully verify the
binding.
If TLS channel binding information is encoded in the local part of the
burner JID it is RECOMMENDED that the tls-unique channel binding value be
used as defined by &rfc5929; &sect;3.
Note that unless the master-secret fix from &rfc7627; has been implemented
channel binding information does not include enough context to successfully
verify the binding when resuming a TLS session.
</p>
<p>
Implementations that choose to encode information in the localpart of burner

Write Preview
Loading…
Cancel
Save