moparisthebest/xeps
1
0
Fork 0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-21 08:45:04 -05:00
Code Issues Releases Wiki Activity

XEP-0288: Fix syntax highlighting

Browse Source 
Also tweak example formatting
This commit is contained in:
Sam Whited 2016-10-17 10:20:09 -05:00
parent 914273677c
commit 9a6d14e6c4
1 changed files with 129 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

227
xep-0288.xml
View File

@ -27,6 +27,12 @@
</schemaloc> </schemaloc>
&fippo; &fippo;
&dcridland; &dcridland;
<revision>
<version>1.0.1</version>
<date>2016-10-17</date>
<initials>ssw</initials>
<remark><p>Fix syntax highlighting and tweak example formatting.</p></remark>
</revision>
<revision> <revision>
<version>1.0</version> <version>1.0</version>
<date>2013-09-26</date> <date>2013-09-26</date>
@ -106,7 +112,8 @@ http://www.ietf.org/mail-archive/web/xmpp/current/msg00664.html
<section2 topic='Negotiation' anchor='nego'> <section2 topic='Negotiation' anchor='nego'>
<p>To enable bidirectional communication, the connecting server sends a &lt;bidi/&gt; element qualified by the 'urn:xmpp:bidi' namespace. This SHOULD be done before either SASL negotiation or Server Dialback.</p> <p>To enable bidirectional communication, the connecting server sends a &lt;bidi/&gt; element qualified by the 'urn:xmpp:bidi' namespace. This SHOULD be done before either SASL negotiation or Server Dialback.</p>
<example caption="Connecting Server Requests Bidirectionality"><![CDATA[ <example caption="Connecting Server Requests Bidirectionality"><![CDATA[
C: <bidi xmlns='urn:xmpp:bidi'/> <!-- Client -->
<bidi xmlns='urn:xmpp:bidi'/>
]]></example> ]]></example>
<p>After enabling bidirectionality, the connecting server continues to authenticate via SASL or requests to send stanzas for a domain pair with Server Dialback. The receiving server MUST NOT send stanzas to the peer before it has authenticated via SASL, or the peer's identity has been verified via Server Dialback. Note that the receiving server MUST NOT attempt to verify a dialback key on the same connection where the corresponding request was issued.</p> <p>After enabling bidirectionality, the connecting server continues to authenticate via SASL or requests to send stanzas for a domain pair with Server Dialback. The receiving server MUST NOT send stanzas to the peer before it has authenticated via SASL, or the peer's identity has been verified via Server Dialback. Note that the receiving server MUST NOT attempt to verify a dialback key on the same connection where the corresponding request was issued.</p>
<p>Also note that the receiving server MUST only send stanzas for which it has been authenticated - in the case of TLS/SASL based authentication, this is the value of the stream's 'to' attribute, whereas in the case of Server Dialback this is the inverse of any domain pair that has been used in a dialback request.</p> <p>Also note that the receiving server MUST only send stanzas for which it has been authenticated - in the case of TLS/SASL based authentication, this is the value of the stream's 'to' attribute, whereas in the case of Server Dialback this is the inverse of any domain pair that has been used in a dialback request.</p>
@ -116,108 +123,132 @@ C: <bidi xmlns='urn:xmpp:bidi'/>
<section1 topic='Examples' anchor='examples'> <section1 topic='Examples' anchor='examples'>
<p>This section shows two complete examples of bidirectional streams, the first example uses SASL EXTERNAL, the second uses Server Dialback.</p> <p>This section shows two complete examples of bidirectional streams, the first example uses SASL EXTERNAL, the second uses Server Dialback.</p>
<example caption='Bidirectional Streams with SASL Authentication'><![CDATA[ <example caption='Bidirectional Streams with SASL Authentication'><![CDATA[
C: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' <!-- Client -->
xmlns='jabber:server' xmlns:db='jabber:server:dialback' <stream:stream xmlns:stream='http://etherx.jabber.org/streams'
to='montague.lit' from='capulet.lit' xmlns='jabber:server' xmlns:db='jabber:server:dialback'
xml:lang='en' version='1.0'> to='montague.lit' from='capulet.lit'
S: <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xml:lang='en' version='1.0'>
xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' <!-- Server -->
id='65b30434afd7646699d077f7affcb2c120c48e18' <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback'
from='montague.lit' to='capulet.lit' version='1.0'> xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en'
S: <stream:features> id='65b30434afd7646699d077f7affcb2c120c48e18'
<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> from='montague.lit' to='capulet.lit' version='1.0'>
<bidi xmlns='urn:xmpp:features:bidi'/> <!-- Server -->
</stream:features> <stream:features>
C: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
S: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> <bidi xmlns='urn:xmpp:features:bidi'/>
C: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' </stream:features>
xmlns='jabber:server' xmlns:db='jabber:server:dialback' <!-- Client -->
to='montague.lit' from='capulet.lit' <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
xml:lang='en' version='1.0'> <!-- Server -->
S: <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' <!-- Client -->
id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a' <stream:stream xmlns:stream='http://etherx.jabber.org/streams'
from='montague.lit' to='capulet.lit' version='1.0'> xmlns='jabber:server' xmlns:db='jabber:server:dialback'
S: <stream:features> to='montague.lit' from='capulet.lit'
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> xml:lang='en' version='1.0'>
<mechanism>EXTERNAL<mechanism> <!-- Server -->
</mechanisms> <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback'
<bidi xmlns='urn:xmpp:features:bidi'/> xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en'
</stream:features> id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a'
C: <bidi xmlns='urn:xmpp:bidi'/> from='montague.lit' to='capulet.lit' version='1.0'>
<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='EXTERNAL'> <stream:features>
Y2FwdWxldC5saXQ=</auth> <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
S: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/> <mechanism>EXTERNAL<mechanism>
C: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' </mechanisms>
xmlns='jabber:server' xmlns:db='jabber:server:dialback' <bidi xmlns='urn:xmpp:features:bidi'/>
to='montague.lit' from='capulet.lit' </stream:features>
xml:lang='en' version='1.0'> <!-- Client -->
S: <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' <bidi xmlns='urn:xmpp:bidi'/>
xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='EXTERNAL'>
id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a' Y2FwdWxldC5saXQ=
from='montague.lit' to='capulet.lit' version='1.0'> </auth>
S: <stream:features/> <!-- Server -->
<!-- At this point, S is allowed to send C stanzas from montague.lit to capulet.lit <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
since that is the value of 'from' in the stream open sent by C above. <!-- Client -->
--> <stream:stream xmlns:stream='http://etherx.jabber.org/streams'
C: <iq from='juliet@capulet.lit/balcony' to='montague.lit' type='get' xmlns='jabber:server' xmlns:db='jabber:server:dialback'
id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq> to='montague.lit' from='capulet.lit'
S: <iq from='montague.lit' to='juliet@capulet.lit/balcony' type='result' xml:lang='en' version='1.0'>
id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq> <!-- Server -->
<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback'
xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en'
id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a'
from='montague.lit' to='capulet.lit' version='1.0'>
<stream:features/>
<!-- At this point, S is allowed to send C stanzas from montague.lit to capulet.lit
since that is the value of 'from' in the stream open sent by C above.
-->
<!-- Client -->
<iq from='juliet@capulet.lit/balcony' to='montague.lit' type='get'
id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
<!-- Server -->
<iq from='montague.lit' to='juliet@capulet.lit/balcony' type='result'
id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
]]></example> ]]></example>
<example caption='Bidirectional Streams with Server Dialback'><![CDATA[ <example caption='Bidirectional Streams with Server Dialback'><![CDATA[
C: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' <!-- Client -->
xmlns='jabber:server' xmlns:db='jabber:server:dialback' <stream:stream xmlns:stream='http://etherx.jabber.org/streams'
to='montague.lit' from='capulet.lit' xmlns='jabber:server' xmlns:db='jabber:server:dialback'
xml:lang='en' version='1.0'> to='montague.lit' from='capulet.lit'
S: <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xml:lang='en' version='1.0'>
xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' <!-- Server -->
id='65b30434afd7646699d077f7affcb2c120c48e18' <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback'
from='montague.lit' to='capulet.lit' version='1.0'> xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en'
S: <stream:features> id='65b30434afd7646699d077f7affcb2c120c48e18'
<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> from='montague.lit' to='capulet.lit' version='1.0'>
<bidi xmlns='urn:xmpp:features:bidi'/> <stream:features>
</stream:features> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
C: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> <bidi xmlns='urn:xmpp:features:bidi'/>
S: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> </stream:features>
C: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' <!-- Client -->
xmlns='jabber:server' xmlns:db='jabber:server:dialback' <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
to='montague.lit' from='capulet.lit' <!-- Server -->
xml:lang='en' version='1.0'> <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
S: <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' <!-- Client -->
xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' <stream:stream xmlns:stream='http://etherx.jabber.org/streams'
id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a' xmlns='jabber:server' xmlns:db='jabber:server:dialback'
from='montague.lit' to='capulet.lit' version='1.0'> to='montague.lit' from='capulet.lit'
S: <stream:features> xml:lang='en' version='1.0'>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/> <!-- Server -->
<bidi xmlns='urn:xmpp:features:bidi'/> <stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback'
</stream:features> xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en'
]]></example> id='b5cd769b1dc292c6f6557fe76cabc4d112333f9a'
<example caption="Stream Setup before TLS"><![CDATA[ from='montague.lit' to='capulet.lit' version='1.0'>
C: <bidi xmlns='urn:xmpp:bidi'/> <stream:features>
<db:result from='capulet.lit' to='montague.lit'> <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
e3f5cf21f12749ef2cf59269bc0118f35bc46b26</db:result> <bidi xmlns='urn:xmpp:features:bidi'/>
S: <db:result from='montague.lit' to='capulet.lit' type='valid'/> </stream:features>
<!-- At this point S may send from montague.lit to capulet.lit. ]]></example>
--> <example caption="Stream Setup before TLS"><![CDATA[
C: <iq from='juliet@capulet.lit/balcony' to='montague.lit' type='get' <!-- Client -->
id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq> <bidi xmlns='urn:xmpp:bidi'/>
S: <iq from='montague.lit' to='juliet@capulet.lit/balcony' type='result' <db:result from='capulet.lit' to='montague.lit'>
id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq> e3f5cf21f12749ef2cf59269bc0118f35bc46b26</db:result>
S: <db:result from='conference.montague.lit' to='capulet.lit'> <!-- Server -->
1bac3ef56fed987cfe098c9785c654a5476ed765</db:result> <db:result from='montague.lit' to='capulet.lit' type='valid'/>
<!-- The above is also legal - S attempts to authenticate as <!-- At this point S may send from montague.lit to capulet.lit.-->
a different domain as well, presumably a MUC domain. <!-- Client -->
note that S can do this form of multiplexing regardless <iq from='juliet@capulet.lit/balcony' to='montague.lit' type='get'
of the support for dialback errors since that was required by RFC 3920 id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
--> <!-- Server -->
C: <db:result from='capulet.lit' to='conference.montague.lit' type='valid'/> <iq from='montague.lit' to='juliet@capulet.lit/balcony' type='result'
<!-- Now S can send as conference.m.l as well as C sending to that domain. id='8dfc70af'><query xmlns='urn:xmpp:ping'/></iq>
--> <db:result from='conference.montague.lit' to='capulet.lit'>
1bac3ef56fed987cfe098c9785c654a5476ed765</db:result>
<!-- The above is also legal - S attempts to authenticate as
a different domain as well, presumably a MUC domain.
note that S can do this form of multiplexing regardless
of the support for dialback errors since that was required by RFC 3920
-->
<!-- Client -->
<db:result from='capulet.lit' to='conference.montague.lit' type='valid'/>
<!-- Now S can send as conference.m.l as well as C sending to that domain.
-->
]]></example> ]]></example>
</section1> </section1>
<section1 topic='Security Considerations' anchor='security'> <section1 topic='Security Considerations' anchor='security'>
<p>This specification introduces no security considerations above and beyond those discussed in <cite>RFC 6120</cite> or <cite>XEP-0220</cite>. <p>This specification introduces no security considerations above and beyond those discussed in <cite>RFC 6120</cite> or <cite>XEP-0220</cite>.
<!-- one might explain why not... http://mail.jabber.org/pipermail/xmppwg/2004-February/002026.html --> <!-- one might explain why not... http://mail.jabber.org/pipermail/xmppwg/2004-February/002026.html -->
Note that the impact of the &quot;unsolicited server dialback&quot; attack described in <cite>XEP-0220</cite> is considerably larger for bidirectional streams, e.g. a vulnerability which allows spoofing might also route messages to the wrong targets. Additionally, dialback elements with a &quot;type&quot; attribute also need to be handled in incoming connections.</p> Note that the impact of the &quot;unsolicited server dialback&quot; attack described in <cite>XEP-0220</cite> is considerably larger for bidirectional streams, e.g. a vulnerability which allows spoofing might also route messages to the wrong targets. Additionally, dialback elements with a &quot;type&quot; attribute also need to be handled in incoming connections.</p>
</section1> </section1>