mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-11 03:45:02 -05:00
Obsolete and update Security Considerations for XEP-0138 and XEP-0229
This commit is contained in:
parent
0c6f1d4fbe
commit
c2de9cfb15
11
xep-0138.xml
11
xep-0138.xml
@ -10,7 +10,7 @@
|
||||
<abstract>This document defines an XMPP protocol extension for negotiating compression of XML streams, especially in situations where standard TLS compression cannot be negotiated. The protocol provides a modular framework that can accommodate a wide range of compression algorithms; the ZLIB compression algorithm is mandatory-to-implement, but implementations may support other algorithms in addition.</abstract>
|
||||
&LEGALNOTICE;
|
||||
<number>0138</number>
|
||||
<status>Final</status>
|
||||
<status>Obsolete</status>
|
||||
<type>Standards Track</type>
|
||||
<sig>Standards</sig>
|
||||
<dependencies>
|
||||
@ -30,6 +30,12 @@
|
||||
<registry/>
|
||||
&hildjj;
|
||||
&stpeter;
|
||||
<revision>
|
||||
<version>2.1</version>
|
||||
<date>2022-02-10</date>
|
||||
<initials>tjb</initials>
|
||||
<remark><p>Obsolete due to security vulnerability.</p></remark>
|
||||
</revision>
|
||||
<revision>
|
||||
<version>2.0</version>
|
||||
<date>2009-05-27</date>
|
||||
@ -178,8 +184,7 @@
|
||||
</section1>
|
||||
|
||||
<section1 topic='Security Considerations' anchor='security'>
|
||||
<p>Stream encryption via TLS (as defined in <cite>RFC 3920</cite>) and stream compression (as defined herein) are not mutually exclusive, but stream encryption via TLS MUST be negotiated before negotiation of stream compression in order to secure the stream.</p>
|
||||
<p>Many of the security considerations related to TLS compression (see Section 6 of <cite>RFC 3749</cite>) also apply to stream compression.</p>
|
||||
<p>Due to attacks like &CRIME; that apply equally to the zlib method defined here, this method is deemed insecure.</p>
|
||||
</section1>
|
||||
|
||||
<section1 topic='IANA Considerations' anchor='iana'>
|
||||
|
10
xep-0229.xml
10
xep-0229.xml
@ -10,7 +10,7 @@
|
||||
<abstract>This document specifies how to use the LZW algorithm in XML stream compression.</abstract>
|
||||
&LEGALNOTICE;
|
||||
<number>0229</number>
|
||||
<status>Draft</status>
|
||||
<status>Obsolete</status>
|
||||
<type>Standards Track</type>
|
||||
<sig>Standards</sig>
|
||||
<dependencies>
|
||||
@ -21,6 +21,12 @@
|
||||
<supersededby/>
|
||||
<shortname>N/A</shortname>
|
||||
&stpeter;
|
||||
<revision>
|
||||
<version>1.1</version>
|
||||
<date>2022-02-10</date>
|
||||
<initials>tjb</initials>
|
||||
<remark><p>Obsolete due to security vulnerability.</p></remark>
|
||||
</revision>
|
||||
<revision>
|
||||
<version>1.0</version>
|
||||
<date>2007-09-26</date>
|
||||
@ -70,7 +76,7 @@
|
||||
</section1>
|
||||
|
||||
<section1 topic='Security Considerations' anchor='security'>
|
||||
<p>The security considerations specified in <cite>XEP-0138</cite> apply to usage of the LZW algorithm.</p>
|
||||
<p>Due to attacks like &CRIME; that apply equally to the lzw method defined here, this method is deemed insecure.</p>
|
||||
</section1>
|
||||
|
||||
<section1 topic='IANA Considerations' anchor='iana'>
|
||||
|
1
xep.ent
1
xep.ent
@ -279,6 +279,7 @@ THE SOFTWARE.
|
||||
<!-- miscellaneous URLs -->
|
||||
|
||||
<!ENTITY clark "<span class='ref'><link url='http://www.jclark.com/xml/xmlns.htm'>Clark Notation</link></span> <note>Clark Notation, a syntax to allow universal names written as a URI in curly brackets followed by the local name; developed by James Clark. <<link url='http://www.jclark.com/xml/xmlns.htm'>http://www.jclark.com/xml/xmlns.htm</link>>.</note>" >
|
||||
<!ENTITY CRIME "<span class='ref'><link url='https://blog.thijsalkema.de/blog/2014/08/07/https-attacks-and-xmpp-2-crime-and-breach/'>CRIME</link></span>" >
|
||||
|
||||
<!-- other organizations -->
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user