From 8bb682093d3043b5412c3d7b482160e2c8d19633 Mon Sep 17 00:00:00 2001 From: Peter Saint-Andre Date: Tue, 18 Dec 2007 19:00:08 +0000 Subject: [PATCH] 1.5pre11 git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@1477 4b5297f7-1745-476d-ba37-a9c6900126ab --- xep-0115.xml | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/xep-0115.xml b/xep-0115.xml index 7dff88ab..37f5f955 100644 --- a/xep-0115.xml +++ b/xep-0115.xml @@ -34,10 +34,10 @@ jajcus@jabber.bnet.pl - 1.5pre10 - in progress, last updated 2007-12-06 + 1.5pre11 + in progress, last updated 2007-12-18 jjh/psa -

Specified that inclusion of hash attribute is required and removed default value of sha-1; mentioned pre-image attack and added reference to RFC 4270; clarified meaning of node attribute; specified that node attribute shall be included in disco#info request for backwards-compatibility; further specified security considerations; clarified handling of the legacy format to assist developers; defined optional v attribute for the software version.

+

Specified that inclusion of hash attribute is required and removed default value of sha-1; mentioned pre-image attack and added reference to RFC 4270; clarified meaning and construction of caps node attribute and disco node attribute; specified that node attribute shall be included in disco#info request for backwards-compatibility; further specified security considerations; clarified handling of the legacy format to assist developers; defined optional v attribute for the software version.

1.4 @@ -103,9 +103,7 @@ 0.2 2003-08-28 jjh -

Add more clarifying assumptions and requirements, make - it clear that clients don't have to send capabilities every - time if the server is optimizing.

+

Add more clarifying assumptions and requirements, make it clear that clients don't have to send capabilities every time if the server is optimizing.

0.1 @@ -133,7 +131,7 @@ @@ -146,7 +144,7 @@ to='romeo@montague.lit/orchard' type='get'> + node='http://code.google.com/p/exodus#8RovUdtOmiAjzj+xI7SK5BCw3A8='/> ]]>

The response is:

@@ -156,7 +154,7 @@ to='juliet@capulet.lit/chamber' type='result'> + node='http://code.google.com/p/exodus#8RovUdtOmiAjzj+xI7SK5BCw3A8='> @@ -286,14 +284,14 @@ -

Each time a conformant entity sends presence, it annotates that presence with an entity identifier ('node' attribute) and identity and feature identifier ('ver' attribute). In order that servers can remember the last presence for use in responding to probes, the client SHOULD include entity capabilities with every presence change.

-

If the supported features change during a client's presence session (e.g., a user installs an updated version of a client plugin), the application MUST recompute the 'ver' attribute and SHOULD send a new presence broadcast.

+

Each time a generating entity sends presence, it annotates that presence with an entity identifier ('node' attribute) and identity and feature identifier ('ver' attribute). In order that servers can remember the last presence for use in responding to probes, a client SHOULD include entity capabilities with every presence change.

+

If the supported features change during a generating entity's presence session (e.g., a user installs an updated version of a client plugin), the application MUST recompute the 'ver' attribute and SHOULD send a new presence broadcast.
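Review bot: the recompute/rebroadcast requirement in the second paragraph is split between MUST and SHOULD: a generating entity MUST recompute 'ver' when its features change but only SHOULD send a new presence broadcast. Until that presence goes out, every subscriber, and the server's stored last presence used for probes, keeps a 'ver' that no longer describes the entity, so the cached association is stale for the rest of the session. Either raise the rebroadcast to MUST, or say why an entity may legitimately hold back the update and what a requesting entity does when a later disco#info response no longer hashes to the cached 'ver'.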

@@ -301,7 +299,7 @@
-

An application can learn what features another entity supports by sending a disco#info request (see XEP-0030) to any entity that sent a particular value of the ver attribute.

+

An application (here called the "requesting entity") can learn what features another entity supports by sending a disco#info request (see XEP-0030) to the entity that generated the caps information (here called the "generating entity").

+ node='http://code.google.com/p/exodus#8RovUdtOmiAjzj+xI7SK5BCw3A8='/> ]]> -

The disco#info request is sent to the full JID (&FULLJID;) of the entity that generated the caps information.

+

The disco#info request is sent by the requesting entity to the generating entity. The value of the 'to' attribute MUST be the exact JID of the generating entity, which in the case of a client will be the full JID (&FULLJID;).

-

The responding entity then returns all of the capabilities it supports.

+

The disco 'node' attribute MUST be included for backwards-compatibility. The value of the 'node' attribute SHOULD be generated by concatenating the value of the caps 'node' attribute (e.g., "http://code.google.com/p/exodus") as provided by the generating entity, the "#" character, and the value of the caps 'ver' attribute (e.g., "8RovUdtOmiAjzj+xI7SK5BCw3A8=") as provided by the generating entity.

+ +

The generating entity then returns all of the capabilities it supports.
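Review bot: the disco 'node' paragraph makes inclusion of the attribute a MUST but its construction only a SHOULD, so a responder cannot rely on parsing "caps-node#ver" out of it; either raise the construction rule to MUST, or state how a generating entity answers a request whose 'node' does not match any 'ver' it has advertised (respond with the current identities and features, or return an error). The construction rule (caps 'node', then "#", then 'ver', with no trailing slash on the caps node) is what the corrected example value 'http://code.google.com/p/exodus#8RovUdtOmiAjzj+xI7SK5BCw3A8=' now follows, and the request and result examples earlier in this patch are changed the same way; the example 'ver' value should also be recomputed over the identities and features shown in the example response so that a reader who follows the verification procedure gets a match.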

- node='http://code.google.com/p/exodus/#8RovUdtOmiAjzj+xI7SK5BCw3A8='> + node='http://code.google.com/p/exodus#8RovUdtOmiAjzj+xI7SK5BCw3A8='> @@ -332,7 +332,7 @@ ]]> -

The client MUST check the identities and supported features against the 'ver' value by calculating the hash as described under Generating the ver Attribute and making sure that the values match. If the values do not match, the client MUST NOT accept or cache the 'ver' value as reliable and SHOULD check the service discovery identity and supported features of another user who advertises that value (if any). This helps to prevent poisoning of entity capabilities information.

+

The requesting entity MUST check the identities and supported features against the 'ver' value by calculating the hash as described under Generating the ver Attribute and making sure that the values match. If the values do not match, the requesting entity MUST NOT accept or cache the 'ver' value as reliable and SHOULD check the service discovery identity and supported features of another generating entity who advertises that value (if any). This helps to prevent poisoning of entity capabilities information.
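Review bot: the verification paragraph refers to the hash procedure as "Generating the ver Attribute" while the security considerations in the same patch call it "Generation of ver Attribute"; use one section title so the cross-reference resolves. Two smaller points: "another generating entity who advertises" should read "that advertises", and the MUST here should be scoped to the case where the 'hash' attribute is present, because a legacy-format 'ver' value is not a hash and cannot be verified by recomputation; the later paragraph on the 'hash' attribute implies this, but this paragraph does not reference it, so a strict reader would reject every legacy 'ver'.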

@@ -352,8 +352,7 @@

A server that is managing an entity's presence session MAY choose to optimize traffic through the server. In this case, the server MAY strip off redundant capabilities annotations. Because of this, receivers of annotations MUST NOT expect an annotation on every presence packet they receive. If the server wants to perform this traffic optimization, it MUST ensure that the first presence each subscriber receives contains the annotation. The server MUST also ensure that any changes in the annotation (e.g., an updated 'ver' attribute) are sent to all subscribers.

- -

A client MAY query the server using disco#info to determine if the server supports the 'http://jabber.org/protocol/caps' feature. If so, the server MUST perform the optimization delineated above, and the client MAY choose to send the capabilities annotation only on the first presence packet, as well as whenever its capabilities change.

+

If the server did not advertise its capabilities using the Stream Feature, a connected client MAY query the server using disco#info to determine if the server supports the 'http://jabber.org/protocol/caps' feature. If so, the server MUST perform the optimization delineated above, and the client MAY choose to send the capabilities annotation only on the first presence packet, as well as whenever its capabilities change.

-

An application that accepts entity capabilities information SHOULD cache associations between the 'ver' attribute and discovered features within the scope of one presence session and MAY cache such associations across sessions. This obviates the need for extensive service discovery requests within a session or at the beginning of a session.

+

It is RECOMMENDED for an application that processes entity capabilities information to cache associations between the 'ver' attribute and discovered features within the scope of one presence session. This obviates the need for extensive service discovery requests within a session.

+

It is OPTIONAL for an application to cache associates across presence sessions. However, since this obviates the need for extensive service discovery requests at the beginning of a session, such caching is strongly encouraged, especially in bandwidth-constrained environments.

-

Use of the protocol specified in this document might make some client-specific forms of attack slightly easier, since the attacker could more easily determine the type of client being used. However, since most clients respond to Service Discovery and Software Version requests without performing access control checks, there is no new vulnerability. Entities that wish to restrict access to capabilities information SHOULD use &xep0016; to define appropriate communications blocking (e.g., an entity MAY choose to allow IQ requests only from "trusted" entities, such as those with whom it has a subscription of "both").

+

Use of the protocol specified in this document might make some client-specific forms of attack slightly easier, since the attacker could more easily determine the type of client being used. However, since most clients respond to Service Discovery and Software Version requests without performing access control checks, there is no new vulnerability. Entities that wish to restrict access to capabilities information SHOULD use &xep0016; to define appropriate communications blocking (e.g., an entity MAY choose to allow IQ requests only from "trusted" entities, such as those with whom it has a subscription of "both"); note, however, that such restrictions may be incompatible with the recommendation regarding Directed Presence.

Adherence to the algorithm defined in the Generation of ver Attribute section of this document for both generation and checking of the 'ver' attribute helps to guard against poisoning of entity capabilities information by malicious or improperly implemented entities.

If the value of the 'ver' attribute is a hash as defined herein (i.e., if the 'ver' attribute is not generated according to the legacy format), inclusion of the 'hash' attribute is required. Knowing explicitly that the value of the 'ver' attribute is a hash enables the recipient to avoid spurious notification of invalid hashes.

Theoretically it may become possible to launch a "pre-image" attack (see &rfc4270;) against the hashes used in the 'ver' attribute, at least when the SHA-1 algorithm is used. However, such attacks are not currently practical, and may not become practical in the foreseeable future. If and when such attacks become practical, this specification will be updated to strongly recommend use of a hashing algorithm that is safer than SHA-1, such as SHA-256. Nevertheless, the SHA-256 algorithm can be used today if implementors are concerned about the safety of the SHA-1 algorithm.
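Review bot: "inclusion of the 'hash' attribute is required" in the hash paragraph is a normative requirement written in lower case; the rest of the document uses RFC 2119 keywords, so make it "the 'hash' attribute MUST be included" and say what a requesting entity does when 'ver' looks like a hash but 'hash' is absent (treat the value as legacy, or ignore it). In the pre-image paragraph, the attack that matters for poisoning, an attacker publishing a different identity and feature set that hashes to a 'ver' value requesting entities already trust, is a second pre-image; RFC 4270 distinguishes that from collision attacks, which only help an attacker who controls both inputs, so name the attack precisely rather than "pre-image" in quotes. Finally, "cache associates across presence sessions" in the caching paragraph should read "cache associations".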