moparisthebest
/
xeps
mirror of https://github.com/moparisthebest/xeps
1
0
Fork 0
Code Issues Releases Wiki Activity

XEP-0379: Fix some DTD issues.

Browse Source
hacx
Sam Whited 7 years ago
parent 6b67a1149d
commit 9c3bd99e07
2 changed files with 15 additions and 11 deletions
Show Stats Download Patch File Download Diff File

25
xep-0379.xml
Unescape Escape View File

@ -28,6 +28,12 @@
<email>georg@op-co.de</email>
<jid>georg@yax.im</jid>
</author>
<revision>
<version>0.1.1</version>
<date>2017-01-01</date>
<initials>ssw</initials>
<remark><p>Minor DTD and formatting fixes.</p></remark>
</revision>
<revision>
<version>0.1.0</version>
<date>2016-07-20</date>
@ -165,7 +171,7 @@ https://yax.im/i/romeo/montague.net/1tMFqYDdKhfe2pwp/Romeo+Montague
<div class="example">
<p><strong><em>Romeo Montague</em> has invited you to chat</strong></p>
<p><strong><link url='xmpp:romeo@montague.net?roster;preauth=1tMFqYDdKhfe2pwp;name=Romeo%20Montague'>Add <em>Romeo Montague</em></link></strong></p>
<p><strong><link url='xmpp:romeo@montague.net?roster;preauth=1tMFqYDdKhfe2pwp;name=Romeo%20Montague'>Add "Romeo Montague"</link></strong></p>
<p>If this link does not work, you need to install and configure
an XMPP client. Please visit this page again afterwards. Choose one of
these for your <em>Tomato OS</em>:</p>
@ -285,22 +291,19 @@ https://yax.im/i/romeo/montague.net/1tMFqYDdKhfe2pwp/Romeo+Montague
<p>As the authentication token grants automatic addition to
Romeo's roster and automatic approval of presence subscription,
the token SHOULD be created with a cryptographically secure random
number generator <note>See for example <link
url='https://lwn.net/Articles/606141/'><tt>getrandom(2)</tt></link>,
<link
url='https://docs.oracle.com/javase/8/docs/api/java/security/SecureRandom.html'><tt>SecureRandom</tt></link>
number generator <note>See for example <tt><link
url='https://lwn.net/Articles/606141/'>getrandom(2)</link></tt>,
<tt><link
url='https://docs.oracle.com/javase/8/docs/api/java/security/SecureRandom.html'>SecureRandom</link></tt>
or <tt>/dev/urandom</tt>. More information about the randomness
requirements for security can be found in &rfc4086;</note> and
provide sufficient entropy to make brute-force attacks
infeasible. It is suggested to generate at least 80 bits of
entropy, and to use an encoding that can be easily encoded as part
of an URI (e.g. Base-32).</p> <p>It is possible to use a different token
generation scheme like <cite>SAML</cite><note>Security Assertion Markup
Language (SAML) &lt;<link url='https://www.oasis-open.org/standards#samlv2.0'>https://www.oasis-open.org/standards#samlv2.0</link>&gt;</note>
or JWT (<cite><link url='http://tools.ietf.org/html/rfc7519'>RFC
7519</link></cite><note>RFC 7519: JSON Web Token (JWT) &lt;<link url='http://tools.ietf.org/html/rfc7519'>http://tools.ietf.org/html/rfc7519</link>&gt;</note>). In
such a case, the issuer must ensure a comparable security level
and limit token reuse.</p>
generation scheme like &saml; or JWT (&rfc7519;).
In such a case, the issuer must ensure a comparable security level and
limit token reuse.</p>
</section2>
<section2 topic='Checking Token Validity' anchor='security_validity'>
<p>To limit the potential for abuse, the token SHOULD be limited in as follows:</p>

1
xep.ent
Unescape Escape View File

@ -650,6 +650,7 @@ THE SOFTWARE.
<!ENTITY rfc6763 "<span class='ref'><link url='http://tools.ietf.org/html/rfc6763'>RFC 6763</link></span> <note>RFC 6763: DNS-Based Service Discovery &lt;<link url='http://tools.ietf.org/html/rfc6763'>http://tools.ietf.org/html/rfc6763</link>&gt;.</note>" >
<!ENTITY rfc6920 "<span class='ref'><link url='http://tools.ietf.org/html/rfc6920'>RFC 6920</link></span> <note>RFC 6920: Naming Things with Hashes &lt;<link url='http://tools.ietf.org/html/rfc6920'>http://tools.ietf.org/html/rfc6920</link>&gt;.</note>" >
<!ENTITY rfc7081 "<span class='ref'><link url='http://tools.ietf.org/html/rfc7081'>RFC 7081</link></span> <note>RFC 7081: CUSAX: Combined Use of the Session Initiation Protocol (SIP) and the Extensible Messaging and Presence Protocol (XMPP) &lt;<link url='http://tools.ietf.org/html/rfc7081'>http://tools.ietf.org/html/rfc7081</link>&gt;.</note>" >
<!ENTITY rfc7519 "<span class='ref'><link url='http://tools.ietf.org/html/rfc7519'>RFC 7519</link></span> <note>RFC 7519: JSON Web Token (JWT) &lt;<link url='http://tools.ietf.org/html/rfc7519'>http://tools.ietf.org/html/rfc7519</link>&gt;.</note>" >
<!ENTITY rfc7572 "<span class='ref'><link url='http://tools.ietf.org/html/rfc7572'>RFC 7572</link></span> <note>RFC 7572: Interworking between the Session Initiation Protocol (SIP) and the Extensible Messaging and Presence Protocol (XMPP): Instant Messaging &lt;<link url='http://tools.ietf.org/html/rfc7572'>http://tools.ietf.org/html/rfc7572</link>&gt;.</note>" >
<!ENTITY rfc7595 "<span class='ref'><link url='http://tools.ietf.org/html/rfc7595'>RFC 7595</link></span> <note>RFC 7595: Guidelines and Registration Procedures for URI Schemes &lt;<link url='http://tools.ietf.org/html/rfc7595'>http://tools.ietf.org/html/rfc7595</link>&gt;.</note>" >
<!ENTITY rfc7613 "<span class='ref'><link url='http://tools.ietf.org/html/rfc7613'>RFC 7613</link></span> <note>RFC 7613: Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords&lt;<link url='http://tools.ietf.org/html/rfc7613'>http://tools.ietf.org/html/rfc7613</link>&gt;.</note>" >

Write Preview
Loading…
Cancel
Save