mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-24 10:12:19 -05:00
XEP-0383: Improve Security Considerations
This commit is contained in:
parent
4ba979c91f
commit
7a4bd56087
29
xep-0383.xml
29
xep-0383.xml
@ -24,6 +24,12 @@
|
|||||||
<supersededby/>
|
<supersededby/>
|
||||||
<shortname>burner</shortname>
|
<shortname>burner</shortname>
|
||||||
&sam;
|
&sam;
|
||||||
|
<revision>
|
||||||
|
<version>0.1.1</version>
|
||||||
|
<date>2017-01-28</date>
|
||||||
|
<initials>ssw</initials>
|
||||||
|
<remark><p>Improve security considerations.</p></remark>
|
||||||
|
</revision>
|
||||||
<revision>
|
<revision>
|
||||||
<version>0.1</version>
|
<version>0.1</version>
|
||||||
<date>2016-12-07</date>
|
<date>2016-12-07</date>
|
||||||
@ -176,18 +182,21 @@
|
|||||||
</section1>
|
</section1>
|
||||||
<section1 topic='Security Considerations' anchor='security'>
|
<section1 topic='Security Considerations' anchor='security'>
|
||||||
<p>
|
<p>
|
||||||
To prevent burner JIDs from being abused for spamming, implementations
|
To prevent burner JIDs from being abused for spamming, implementations MAY
|
||||||
SHOULD rate limit all burner JIDs in use by an authentication identity as a
|
rate limit all burner JIDs in use by an authn identity as a single unit.
|
||||||
single unit.
|
However, be advised that this may provide a third party that can monitor
|
||||||
|
traffic patterns with the ability to determine what burner JIDs belong to
|
||||||
|
the same user.
|
||||||
|
To prevent a burner JIDs authn identity from being discovered the same way,
|
||||||
|
burner JIDs SHOULD NOT share a rate limit with their authn identity.
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
If TLS channel binding information is encoded in the burner JID it is
|
If TLS channel binding information is encoded in the local part of the
|
||||||
RECOMMENDED that the tls-unique channel binding value be used as defined by
|
burner JID it is RECOMMENDED that the tls-unique channel binding value be
|
||||||
&rfc5929; §3.
|
used as defined by &rfc5929; §3.
|
||||||
However, for resumed sessions the JIDs SHOULD be considered invalid unless
|
Note that unless the master-secret fix from &rfc7627; has been implemented
|
||||||
the master-secret fix from &rfc7627; has been implemented because otherwise
|
channel binding information does not include enough context to successfully
|
||||||
resumption does not include enough context to successfully verify the
|
verify the binding when resuming a TLS session.
|
||||||
binding.
|
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
Implementations that choose to encode information in the localpart of burner
|
Implementations that choose to encode information in the localpart of burner
|
||||||
|
Loading…
Reference in New Issue
Block a user