From 9a6d14e6c4da0737f863df63d074df6b194de8fd Mon Sep 17 00:00:00 2001
From: Sam Whited <sam@samwhited.com>
Date: Mon, 17 Oct 2016 10:20:09 -0500
Subject: [PATCH] XEP-0288: Fix syntax highlighting

Also tweak example formatting
---
 xep-0288.xml | 227 +++++++++++++++++++++++++++++----------------------
 1 file changed, 129 insertions(+), 98 deletions(-)

diff --git a/xep-0288.xml b/xep-0288.xml
index c010f4a4..79421dac 100644
--- a/xep-0288.xml
+++ b/xep-0288.xml
@@ -27,6 +27,12 @@
   </schemaloc>
   &fippo;
   &dcridland;
+  <revision>
+    <version>1.0.1</version>
+    <date>2016-10-17</date>
+    <initials>ssw</initials>
+    <remark><p>Fix syntax highlighting and tweak example formatting.</p></remark>
+  </revision>
   <revision>
     <version>1.0</version>
     <date>2013-09-26</date>
@@ -106,7 +112,8 @@ http://www.ietf.org/mail-archive/web/xmpp/current/msg00664.html
   <section2 topic='Negotiation' anchor='nego'>
     <p>To enable bidirectional communication, the connecting server sends a &lt;bidi/&gt; element qualified by the 'urn:xmpp:bidi' namespace. This SHOULD be done before either SASL negotiation or Server Dialback.</p>
     <example caption="Connecting Server Requests Bidirectionality"><![CDATA[
-C: <bidi xmlns='urn:xmpp:bidi'/>
+<!-- Client -->
+<bidi xmlns='urn:xmpp:bidi'/>
 ]]></example>
     <p>After enabling bidirectionality, the connecting server continues to authenticate via SASL or requests to send stanzas for a domain pair with Server Dialback. The receiving server MUST NOT send stanzas to the peer before it has authenticated via SASL, or the peer's identity has been verified via Server Dialback. Note that the receiving server MUST NOT attempt to verify a dialback key on the same connection where the corresponding request was issued.</p>
     <p>Also note that the receiving server MUST only send stanzas for which it has been authenticated - in the case of TLS/SASL based authentication, this is the value of the stream's 'to' attribute, whereas in the case of Server Dialback this is the inverse of any domain pair that has been used in a dialback request.</p>
@@ -116,108 +123,132 @@ C: <bidi xmlns='urn:xmpp:bidi'/>
 <section1 topic='Examples' anchor='examples'>
   <p>This section shows two complete examples of bidirectional streams, the first example uses SASL EXTERNAL, the second uses Server Dialback.</p>
   <example caption='Bidirectional Streams with SASL Authentication'><![CDATA[
-C: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' 
-	xmlns='jabber:server' xmlns:db='jabber:server:dialback' 
-	to='montague.lit' from='capulet.lit' 
-	xml:lang='en' version='1.0'>
-S: <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' 
-	xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' 
-	id='65b30434afd7646699d077f7affcb2c120c48e18' 
-	from='montague.lit' to='capulet.lit' version='1.0'>
-S: <stream:features>
-     <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
-     <bidi xmlns='urn:xmpp:features:bidi'/>
-   </stream:features>
-C: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
-S: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
-C: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' 
-	xmlns='jabber:server' xmlns:db='jabber:server:dialback' 
-	to='montague.lit' from='capulet.lit' 
-	xml:lang='en' version='1.0'>
-S: <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' 
-	xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' 
-	id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a' 
-	from='montague.lit' to='capulet.lit' version='1.0'>
-S: <stream:features>
-     <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
-       <mechanism>EXTERNAL<mechanism>
-     </mechanisms>
-     <bidi xmlns='urn:xmpp:features:bidi'/>
-   </stream:features>
-C: <bidi xmlns='urn:xmpp:bidi'/>
-   <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='EXTERNAL'>
-     Y2FwdWxldC5saXQ=</auth>
-S: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
-C: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' 
-	xmlns='jabber:server' xmlns:db='jabber:server:dialback' 
-	to='montague.lit' from='capulet.lit' 
-	xml:lang='en' version='1.0'>
-S: <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' 
-	xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' 
-	id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a' 
-	from='montague.lit' to='capulet.lit' version='1.0'>
-S: <stream:features/>
-   <!-- At this point, S is allowed to send C stanzas from montague.lit to capulet.lit
-        since that is the value of 'from' in the stream open sent by C above.
-     -->
-C: <iq from='juliet@capulet.lit/balcony' to='montague.lit' type='get' 
-     id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
-S: <iq from='montague.lit' to='juliet@capulet.lit/balcony' type='result' 
-     id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
+<!-- Client -->
+<stream:stream xmlns:stream='http://etherx.jabber.org/streams'
+               xmlns='jabber:server' xmlns:db='jabber:server:dialback'
+               to='montague.lit' from='capulet.lit'
+               xml:lang='en' version='1.0'>
+<!-- Server -->
+<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback'
+               xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en'
+               id='65b30434afd7646699d077f7affcb2c120c48e18'
+               from='montague.lit' to='capulet.lit' version='1.0'>
+<!-- Server -->
+<stream:features>
+  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
+  <bidi xmlns='urn:xmpp:features:bidi'/>
+</stream:features>
+<!-- Client -->
+<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
+<!-- Server -->
+<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
+<!-- Client -->
+<stream:stream xmlns:stream='http://etherx.jabber.org/streams'
+               xmlns='jabber:server' xmlns:db='jabber:server:dialback'
+               to='montague.lit' from='capulet.lit'
+               xml:lang='en' version='1.0'>
+<!-- Server -->
+<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback'
+               xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en'
+               id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a'
+               from='montague.lit' to='capulet.lit' version='1.0'>
+<stream:features>
+  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
+    <mechanism>EXTERNAL<mechanism>
+  </mechanisms>
+  <bidi xmlns='urn:xmpp:features:bidi'/>
+</stream:features>
+<!-- Client -->
+<bidi xmlns='urn:xmpp:bidi'/>
+<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='EXTERNAL'>
+  Y2FwdWxldC5saXQ=
+</auth>
+<!-- Server -->
+<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
+<!-- Client -->
+<stream:stream xmlns:stream='http://etherx.jabber.org/streams'
+               xmlns='jabber:server' xmlns:db='jabber:server:dialback'
+               to='montague.lit' from='capulet.lit'
+               xml:lang='en' version='1.0'>
+<!-- Server -->
+<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback'
+               xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en'
+               id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a'
+               from='montague.lit' to='capulet.lit' version='1.0'>
+<stream:features/>
+<!-- At this point, S is allowed to send C stanzas from montague.lit to capulet.lit
+     since that is the value of 'from' in the stream open sent by C above.
+  -->
+<!-- Client -->
+<iq from='juliet@capulet.lit/balcony' to='montague.lit' type='get'
+  id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
+<!-- Server -->
+<iq from='montague.lit' to='juliet@capulet.lit/balcony' type='result'
+  id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
 ]]></example>
   <example caption='Bidirectional Streams with Server Dialback'><![CDATA[
-C: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' 
-	xmlns='jabber:server' xmlns:db='jabber:server:dialback' 
-	to='montague.lit' from='capulet.lit' 
-	xml:lang='en' version='1.0'>
-S: <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' 
-	xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' 
-	id='65b30434afd7646699d077f7affcb2c120c48e18' 
-	from='montague.lit' to='capulet.lit' version='1.0'>
-S: <stream:features>
-     <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
-     <bidi xmlns='urn:xmpp:features:bidi'/>
-   </stream:features>
-C: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
-S: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
-C: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' 
-	xmlns='jabber:server' xmlns:db='jabber:server:dialback' 
-	to='montague.lit' from='capulet.lit' 
-	xml:lang='en' version='1.0'>
-S: <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' 
-	xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' 
-	id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a' 
-	from='montague.lit' to='capulet.lit' version='1.0'>
-S: <stream:features>
-     <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
-     <bidi xmlns='urn:xmpp:features:bidi'/>
-   </stream:features>
-    ]]></example>
-    <example caption="Stream Setup before TLS"><![CDATA[
-C: <bidi xmlns='urn:xmpp:bidi'/>
-   <db:result from='capulet.lit' to='montague.lit'>
-	e3f5cf21f12749ef2cf59269bc0118f35bc46b26</db:result>
-S: <db:result from='montague.lit' to='capulet.lit' type='valid'/>
-   <!-- At this point S may send from montague.lit to capulet.lit.
-     -->
-C: <iq from='juliet@capulet.lit/balcony' to='montague.lit' type='get' 
-     id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
-S: <iq from='montague.lit' to='juliet@capulet.lit/balcony' type='result' 
-     id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
-S: <db:result from='conference.montague.lit' to='capulet.lit'>
-        1bac3ef56fed987cfe098c9785c654a5476ed765</db:result>
-   <!-- The above is also legal - S attempts to authenticate as 
-        a different domain as well, presumably a MUC domain.
-        note that S can do this form of multiplexing regardless 
-        of the support for dialback errors since that was required by RFC 3920
-     -->
-C: <db:result from='capulet.lit' to='conference.montague.lit' type='valid'/>
-   <!-- Now S can send as conference.m.l as well as C sending to that domain.
-     -->
+<!-- Client -->
+<stream:stream xmlns:stream='http://etherx.jabber.org/streams'
+               xmlns='jabber:server' xmlns:db='jabber:server:dialback'
+               to='montague.lit' from='capulet.lit'
+               xml:lang='en' version='1.0'>
+<!-- Server -->
+<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback'
+               xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en'
+               id='65b30434afd7646699d077f7affcb2c120c48e18'
+               from='montague.lit' to='capulet.lit' version='1.0'>
+<stream:features>
+  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
+  <bidi xmlns='urn:xmpp:features:bidi'/>
+</stream:features>
+<!-- Client -->
+<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
+<!-- Server -->
+<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
+<!-- Client -->
+<stream:stream xmlns:stream='http://etherx.jabber.org/streams'
+               xmlns='jabber:server' xmlns:db='jabber:server:dialback'
+               to='montague.lit' from='capulet.lit'
+               xml:lang='en' version='1.0'>
+<!-- Server -->
+<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback'
+               xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en'
+               id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a'
+               from='montague.lit' to='capulet.lit' version='1.0'>
+<stream:features>
+  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
+  <bidi xmlns='urn:xmpp:features:bidi'/>
+</stream:features>
+]]></example>
+  <example caption="Stream Setup before TLS"><![CDATA[
+<!-- Client -->
+<bidi xmlns='urn:xmpp:bidi'/>
+<db:result from='capulet.lit' to='montague.lit'>
+  e3f5cf21f12749ef2cf59269bc0118f35bc46b26</db:result>
+<!-- Server -->
+<db:result from='montague.lit' to='capulet.lit' type='valid'/>
+<!-- At this point S may send from montague.lit to capulet.lit.-->
+<!-- Client -->
+<iq from='juliet@capulet.lit/balcony' to='montague.lit' type='get'
+  id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
+<!-- Server -->
+<iq from='montague.lit' to='juliet@capulet.lit/balcony' type='result'
+  id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
+<db:result from='conference.montague.lit' to='capulet.lit'>
+     1bac3ef56fed987cfe098c9785c654a5476ed765</db:result>
+<!-- The above is also legal - S attempts to authenticate as
+     a different domain as well, presumably a MUC domain.
+     note that S can do this form of multiplexing regardless
+     of the support for dialback errors since that was required by RFC 3920
+  -->
+<!-- Client -->
+<db:result from='capulet.lit' to='conference.montague.lit' type='valid'/>
+<!-- Now S can send as conference.m.l as well as C sending to that domain.
+-->
 ]]></example>
 </section1>
 <section1 topic='Security Considerations' anchor='security'>
-  <p>This specification introduces no security considerations above and beyond those discussed in <cite>RFC 6120</cite> or <cite>XEP-0220</cite>. 
+  <p>This specification introduces no security considerations above and beyond those discussed in <cite>RFC 6120</cite> or <cite>XEP-0220</cite>.
   <!-- one might explain why not... http://mail.jabber.org/pipermail/xmppwg/2004-February/002026.html -->
   Note that the impact of the &quot;unsolicited server dialback&quot; attack described in <cite>XEP-0220</cite> is considerably larger for bidirectional streams, e.g. a vulnerability which allows spoofing might also route messages to the wrong targets. Additionally, dialback elements with a &quot;type&quot; attribute also need to be handled in incoming connections.</p>
 </section1>