1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-24 10:12:19 -05:00

1.0 ACTIVE

git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@2616 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
Peter Saint-Andre 2009-01-08 04:44:33 +00:00
parent 6c118355aa
commit c39b41ccab

View File

@ -10,7 +10,7 @@
<abstract>This document recommends a number of practices that can help discourage denial of service attacks on XMPP-based networks.</abstract> <abstract>This document recommends a number of practices that can help discourage denial of service attacks on XMPP-based networks.</abstract>
&LEGALNOTICE; &LEGALNOTICE;
<number>0205</number> <number>0205</number>
<status>Proposed</status> <status>Active</status>
<type>Informational</type> <type>Informational</type>
<sig>Standards</sig> <sig>Standards</sig>
<dependencies> <dependencies>
@ -21,6 +21,12 @@
<supersededby/> <supersededby/>
<shortname>N/A</shortname> <shortname>N/A</shortname>
&stpeter; &stpeter;
<revision>
<version>1.0</version>
<date>2009-01-07</date>
<initials>psa</initials>
<remark><p>Per a vote of the XMPP Council, advanced specification to Active; also corrected errors namespace for consistency with XEP-0182.</p></remark>
</revision>
<revision> <revision>
<version>0.3</version> <version>0.3</version>
<date>2008-12-19</date> <date>2008-12-19</date>
@ -108,7 +114,7 @@
</bind> </bind>
<error type='cancel'> <error type='cancel'>
<resource-constraint xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> <resource-constraint xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<resource-limit-exceeded xmlns='http://jabber.org/protocol/errors'/> <resource-limit-exceeded xmlns='urn:xmpperrors'/>
</error> </error>
</iq> </iq>
]]></example> ]]></example>
@ -120,7 +126,7 @@
<message from='shakespeare.lit' to='iago@shakespare.lit/evilos'> <message from='shakespeare.lit' to='iago@shakespare.lit/evilos'>
<error type='modify'> <error type='modify'>
<not-allowed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> <not-allowed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<stanza-too-big xmlns='http://jabber.org/protocol/errors'/> <stanza-too-big xmlns='urn:xmpp:errors'/>
</error> </error>
</message> </message>
]]></example> ]]></example>
@ -129,7 +135,7 @@
<example caption='Stanza size limit violation: stream error'><![CDATA[ <example caption='Stanza size limit violation: stream error'><![CDATA[
<stream:error> <stream:error>
<policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-streams'/> <policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
<stanza-too-big xmlns='http://jabber.org/protocol/errors'/> <stanza-too-big xmlns='urn:xmpp:errors'/>
</stream:error> </stream:error>
</stream:stream> </stream:stream>
]]></example> ]]></example>
@ -141,7 +147,7 @@
<message from='iago@shakespeare.lit/evilos' to='juliet@capulet.lit'> <message from='iago@shakespeare.lit/evilos' to='juliet@capulet.lit'>
<error type='wait'> <error type='wait'>
<unexpected-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> <unexpected-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<too-many-stanzas xmlns='http://jabber.org/protocol/errors'/> <too-many-stanzas xmlns='urn:xmpp:errors'/>
</error> </error>
</message> </message>
]]></example> ]]></example>
@ -167,7 +173,7 @@
</section2> </section2>
</section1> </section1>
<section1 topic='Implementation Considerations' anchor='impl'> <section1 topic='Implementation Considerations' anchor='impl'>
<p>Implementations MAY enable administrators to configurate appropriate exceptions to some of the recommendations specified in this document. Examples include:</p> <p>Implementations MAY enable administrators to configure appropriate exceptions to some of the recommendations specified in this document. Examples include:</p>
<ul> <ul>
<li>Less strict limits for server administrators compared to entities associated with registered accounts, and for entities associated with registered accounts compared to anonymous entities.</li> <li>Less strict limits for server administrators compared to entities associated with registered accounts, and for entities associated with registered accounts compared to anonymous entities.</li>
<li>Less strict limits for entities that authenticate via strong authentication methods (e.g., TLS + SASL EXTERNAL) compared to entities that authenticate via weaker authentication methods (e.g., TLS + SASL PLAIN or server dialback).</li> <li>Less strict limits for entities that authenticate via strong authentication methods (e.g., TLS + SASL EXTERNAL) compared to entities that authenticate via weaker authentication methods (e.g., TLS + SASL PLAIN or server dialback).</li>
@ -182,27 +188,29 @@
<p>This document requires no interaction with &IANA;.</p> <p>This document requires no interaction with &IANA;.</p>
</section1> </section1>
<section1 topic='XMPP Registrar Considerations' anchor='registrar'> <section1 topic='XMPP Registrar Considerations' anchor='registrar'>
<p>The &REGISTRAR; shall add &lt;resource-limit-exceeded/&gt; to its registry of application-specific error conditions (see &APPERRORS;), where the element is qualified by the 'http://jabber.org/protocol/errors' namespace.</p> <p>The &REGISTRAR; includes &lt;resource-limit-exceeded/&gt; and &lt;too-many-stanzas/&gt; in its registry of application-specific error conditions (see &APPERRORS;), where the element is qualified by the 'urn:xmpp:errors' namespace as described in &xep0182;.</p>
<p>The registry submission is as follows:</p> <p>The registry submission is as follows:</p>
<code><![CDATA[ <code><![CDATA[
<condition> <condition>
<ns>http://jabber.org/protocol/errors</ns> <ns>urn:xmpp:errors</ns>
<element>resource-limit-exceeded</element> <element>resource-limit-exceeded</element>
<desc>the account is not allowed to bind more resources at this time</desc> <desc>
The account is not allowed to bind more resources at this time.
</desc>
<doc>XEP-0205</doc> <doc>XEP-0205</doc>
</condition> </condition>
<condition> <condition>
<ns>http://jabber.org/protocol/errors</ns> <ns>urn:xmpp:errors</ns>
<element>too-many-stanzas</element> <element>too-many-stanzas</element>
<desc> <desc>
a connected client has attempted to send multiple stanzas to too many A connected client has attempted to send multiple stanzas to
different intended recipients in a given time period too many different intended recipients in a given time period.
</desc> </desc>
<doc>XEP-0205</doc> <doc>XEP-0205</doc>
</condition> </condition>
]]></code> ]]></code>
</section1> </section1>
<section1 topic='Acknowledgements' anchor='ack'> <section1 topic='Acknowledgements' anchor='ack'>
<p>Special thanks to Chris Mullins for calling attention to the need for a specification detailing best practices such as those recommended herein. Thanks also to Thiago Camargo, Bruce Campbell, Dave Cridland, Gustavo Felisberto, Justin Karneges, Pedro Melo, Kevin Smith, Michal Vaner, and Matthew Wild for their suggestions.</p> <p>Special thanks to Chris Mullins for calling attention to the need for a specification on this topic. Thanks also to Thiago Camargo, Bruce Campbell, Dave Cridland, Gustavo Felisberto, Justin Karneges, Pedro Melo, Kevin Smith, Michal Vaner, and Matthew Wild for their suggestions.</p>
</section1> </section1>
</xep> </xep>