git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@3272 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
Peter Saint-Andre 2009-06-22 18:53:08 +00:00
parent 5159fa7e31
commit b18a9bf29c
1 changed files with 14 additions and 1 deletions


@ -22,6 +22,12 @@
<supersededby/>
<shortname>x-conference</shortname>
&stpeter;
<revision>
<version>0.3</version>
<date>2009-06-22</date>
<initials>psa</initials>
<remark><p>Defined several possible security attacks along with solutions.</p></remark>
</revision>
<revision>
<version>0.2</version>
<date>2009-03-30</date>
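Review bot: the 0.3 remark ("Defined several possible security attacks along with solutions.") overstates what the new Security Considerations text actually provides: only the first three attacks in the added list come with a mitigation, while the eavesdropping and in-transit modification cases (items 4 and 5) state the attack and stop there. Either add mitigations for those two items in the same revision or word the remark as "along with possible mitigations" so the changelog matches the text.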
@ -115,7 +121,14 @@
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>There are no known security concerns related to this protocol.</p>
<p>The following attacks are possible, in roughly the order of probability. See also &xep0205; and &rfc3552;.</p>
<ol>
<li><p>The sender of an invitation could overload the 'reason' attribute with malicious or offensive text. The recipient can mitigate this attack by blocking the sender using technologies such as &xep0016; and &xep0191;.</p></li>
<li><p>A passive attacker could flood the recipient with a large number of chatroom invitations. This attack, too, can be mitigated with <cite>Privacy Lists</cite> or <cite>Simple Communications Blocking</cite>.</p></li>
<li><p>A passive attacker could use a mimicked JID to fool the recipient into thinking that the sender is a known or trusted contact. This attack requires knowledge of the recipient's known or trusted contacts, and can be mitigated by following the recommendations in &xep0165;.</p></li>
<li><p>In the absence of end-to-end encryption, a passive attacker could eavesdrop on the chatroom invitations that a user sends or receives.</p></li>
<li><p>In the absence of end-to-end encryption or signing, an active attacker could modify the invitation in transit so that the recipient is directed to a different room than intended by the sender.</p></li>
</ol>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>
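Review bot: items 2 and 3 label the attacker as "passive" although both require the attacker to originate traffic (flooding the recipient with invitations, sending from a mimicked JID); in the RFC 3552 terminology this paragraph itself cites, that is an active attacker, and "passive" fits only the eavesdropping case in item 4. Suggest "An active attacker could flood the recipient with a large number of chatroom invitations." and "An active attacker could use a mimicked JID to fool the recipient ..." (or simply "An attacker"). Second, items 4 and 5 give no mitigation, unlike items 1 to 3; at minimum say that end-to-end encryption of the invitation (and, for item 5, signing) is the countermeasure, and note that hop-by-hop TLS protects the wire but not an intermediary server that handles the stanza in the clear. Third, the sentence in item 3 "This attack requires knowledge of the recipient's known or trusted contacts" is too strong: an attacker can also mimic a JID the recipient merely recognizes (a well-known service or domain), so "is easier with knowledge of" would be more accurate.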