mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-23 01:32:22 -05:00
Obsolete and update Security Considerations for XEP-0138 and XEP-0229
This commit is contained in:
parent
0c6f1d4fbe
commit
c2de9cfb15
11
xep-0138.xml
11
xep-0138.xml
@ -10,7 +10,7 @@
|
|||||||
<abstract>This document defines an XMPP protocol extension for negotiating compression of XML streams, especially in situations where standard TLS compression cannot be negotiated. The protocol provides a modular framework that can accommodate a wide range of compression algorithms; the ZLIB compression algorithm is mandatory-to-implement, but implementations may support other algorithms in addition.</abstract>
|
<abstract>This document defines an XMPP protocol extension for negotiating compression of XML streams, especially in situations where standard TLS compression cannot be negotiated. The protocol provides a modular framework that can accommodate a wide range of compression algorithms; the ZLIB compression algorithm is mandatory-to-implement, but implementations may support other algorithms in addition.</abstract>
|
||||||
&LEGALNOTICE;
|
&LEGALNOTICE;
|
||||||
<number>0138</number>
|
<number>0138</number>
|
||||||
<status>Final</status>
|
<status>Obsolete</status>
|
||||||
<type>Standards Track</type>
|
<type>Standards Track</type>
|
||||||
<sig>Standards</sig>
|
<sig>Standards</sig>
|
||||||
<dependencies>
|
<dependencies>
|
||||||
@ -30,6 +30,12 @@
|
|||||||
<registry/>
|
<registry/>
|
||||||
&hildjj;
|
&hildjj;
|
||||||
&stpeter;
|
&stpeter;
|
||||||
|
<revision>
|
||||||
|
<version>2.1</version>
|
||||||
|
<date>2022-02-10</date>
|
||||||
|
<initials>tjb</initials>
|
||||||
|
<remark><p>Obsolete due to security vulnerability.</p></remark>
|
||||||
|
</revision>
|
||||||
<revision>
|
<revision>
|
||||||
<version>2.0</version>
|
<version>2.0</version>
|
||||||
<date>2009-05-27</date>
|
<date>2009-05-27</date>
|
||||||
@ -178,8 +184,7 @@
|
|||||||
</section1>
|
</section1>
|
||||||
|
|
||||||
<section1 topic='Security Considerations' anchor='security'>
|
<section1 topic='Security Considerations' anchor='security'>
|
||||||
<p>Stream encryption via TLS (as defined in <cite>RFC 3920</cite>) and stream compression (as defined herein) are not mutually exclusive, but stream encryption via TLS MUST be negotiated before negotiation of stream compression in order to secure the stream.</p>
|
<p>Due to attacks like &CRIME; that apply equally to the zlib method defined here, this method is deemed insecure.</p>
|
||||||
<p>Many of the security considerations related to TLS compression (see Section 6 of <cite>RFC 3749</cite>) also apply to stream compression.</p>
|
|
||||||
</section1>
|
</section1>
|
||||||
|
|
||||||
<section1 topic='IANA Considerations' anchor='iana'>
|
<section1 topic='IANA Considerations' anchor='iana'>
|
||||||
|
10
xep-0229.xml
10
xep-0229.xml
@ -10,7 +10,7 @@
|
|||||||
<abstract>This document specifies how to use the LZW algorithm in XML stream compression.</abstract>
|
<abstract>This document specifies how to use the LZW algorithm in XML stream compression.</abstract>
|
||||||
&LEGALNOTICE;
|
&LEGALNOTICE;
|
||||||
<number>0229</number>
|
<number>0229</number>
|
||||||
<status>Draft</status>
|
<status>Obsolete</status>
|
||||||
<type>Standards Track</type>
|
<type>Standards Track</type>
|
||||||
<sig>Standards</sig>
|
<sig>Standards</sig>
|
||||||
<dependencies>
|
<dependencies>
|
||||||
@ -21,6 +21,12 @@
|
|||||||
<supersededby/>
|
<supersededby/>
|
||||||
<shortname>N/A</shortname>
|
<shortname>N/A</shortname>
|
||||||
&stpeter;
|
&stpeter;
|
||||||
|
<revision>
|
||||||
|
<version>1.1</version>
|
||||||
|
<date>2022-02-10</date>
|
||||||
|
<initials>tjb</initials>
|
||||||
|
<remark><p>Obsolete due to security vulnerability.</p></remark>
|
||||||
|
</revision>
|
||||||
<revision>
|
<revision>
|
||||||
<version>1.0</version>
|
<version>1.0</version>
|
||||||
<date>2007-09-26</date>
|
<date>2007-09-26</date>
|
||||||
@ -70,7 +76,7 @@
|
|||||||
</section1>
|
</section1>
|
||||||
|
|
||||||
<section1 topic='Security Considerations' anchor='security'>
|
<section1 topic='Security Considerations' anchor='security'>
|
||||||
<p>The security considerations specified in <cite>XEP-0138</cite> apply to usage of the LZW algorithm.</p>
|
<p>Due to attacks like &CRIME; that apply equally to the lzw method defined here, this method is deemed insecure.</p>
|
||||||
</section1>
|
</section1>
|
||||||
|
|
||||||
<section1 topic='IANA Considerations' anchor='iana'>
|
<section1 topic='IANA Considerations' anchor='iana'>
|
||||||
|
1
xep.ent
1
xep.ent
@ -279,6 +279,7 @@ THE SOFTWARE.
|
|||||||
<!-- miscellaneous URLs -->
|
<!-- miscellaneous URLs -->
|
||||||
|
|
||||||
<!ENTITY clark "<span class='ref'><link url='http://www.jclark.com/xml/xmlns.htm'>Clark Notation</link></span> <note>Clark Notation, a syntax to allow universal names written as a URI in curly brackets followed by the local name; developed by James Clark. <<link url='http://www.jclark.com/xml/xmlns.htm'>http://www.jclark.com/xml/xmlns.htm</link>>.</note>" >
|
<!ENTITY clark "<span class='ref'><link url='http://www.jclark.com/xml/xmlns.htm'>Clark Notation</link></span> <note>Clark Notation, a syntax to allow universal names written as a URI in curly brackets followed by the local name; developed by James Clark. <<link url='http://www.jclark.com/xml/xmlns.htm'>http://www.jclark.com/xml/xmlns.htm</link>>.</note>" >
|
||||||
|
<!ENTITY CRIME "<span class='ref'><link url='https://blog.thijsalkema.de/blog/2014/08/07/https-attacks-and-xmpp-2-crime-and-breach/'>CRIME</link></span>" >
|
||||||
|
|
||||||
<!-- other organizations -->
|
<!-- other organizations -->
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user