XEP-0368: Advance to draft

Also various editorial formatting fixes.
This commit is contained in:
Sam Whited 2017-03-09 09:25:59 -06:00
父節點 13ba68488f
當前提交 ce07ca9828
共有 1 個文件被更改,包括 17 次插入11 次删除

查看文件

@ -10,7 +10,7 @@
<abstract>This specification defines a procedure to look up xmpps-client/xmpps-server SRV records (for direct TLS connections) in addition to xmpp-client/xmpp-server and mix weights/priorities.</abstract>
&LEGALNOTICE;
<number>0368</number>
<status>Proposed</status>
<status>Draft</status>
<lastcall>2017-02-22</lastcall>
<lastcall>2017-02-11</lastcall>
<type>Standards Track</type>
@ -29,6 +29,12 @@
<email>travis@burtrum.org</email>
<jid>travis@burtrum.org</jid>
</author>
<revision>
<version>1.0.0</version>
<date>2017-03-09</date>
<initials>XEP Editor (ssw)</initials>
<remark><p>Advance to draft as approved by the XMPP Council.</p></remark>
</revision>
<revision>
<version>0.1.2</version>
<date>2017-02-15</date>
@ -78,17 +84,17 @@
<code><![CDATA[
_service._proto.name. TTL class SRV priority weight port target.
]]></code>
<p><cite>XMPP Core</cite> defines SRV records only where 'service' is 'xmpp-client' and 'xmpp-server'. This document specifies to additionally look up records where 'service' is 'xmpps-client' and 'xmpps-server'. This document specifies that the following additional rules apply:</p>
<p>&xmppcore; defines SRV records only where 'service' is 'xmpp-client' and 'xmpp-server'. This document specifies to additionally look up records where 'service' is 'xmpps-client' and 'xmpps-server'. This document specifies that the following additional rules apply:</p>
<ol>
<li>Both 'xmpp-' and 'xmpps-' records SHOULD be treated as the same record with regard to connection order as specified by <cite>RFC 2782</cite>, in that all priorities and weights are mixed. This enables the server operator to decide if they would rather clients connect with STARTTLS or direct TLS. However, clients MAY choose to prefer one type of connection over the other.</li>
<li>Both 'xmpp-' and 'xmpps-' records SHOULD be treated as the same record with regard to connection order as specified by &rfc2782;, in that all priorities and weights are mixed. This enables the server operator to decide if they would rather clients connect with STARTTLS or direct TLS. However, clients MAY choose to prefer one type of connection over the other.</li>
<li>Where 'service' starts with 'xmpps-' the client or server MUST connect with direct TLS enabled.</li>
<li>Where 'service' starts with 'xmpp-' the client or server MUST NOT connect with direct TLS enabled, connection method is unchanged from <cite>XMPP Core</cite>.</li>
<li>TLS certificates MUST be validated the same way as for STARTTLS. (i.e., as specified in <cite>XMPP Core</cite>).</li>
<li>Where 'service' starts with 'xmpp-' the client or server MUST NOT connect with direct TLS enabled, connection method is unchanged from &xmppcore;.</li>
<li>TLS certificates MUST be validated the same way as for STARTTLS. (i.e., as specified in &xmppcore;).</li>
<li>STARTTLS MUST NOT be used over direct TLS connections.</li>
<li>Client or server MUST set SNI TLS extension to the JID's domain part.</li>
<li>Client or server SHOULD set the ALPN (&rfc7301;) TLS extension.</li>
<li>When ALPN is used, the ALPN protocol MUST be 'xmpp-client', where the SRV service is 'xmpps-client'.</li>
<li>When ALPN is used, the ALPN protocol MUST be 'xmpp-server', where the SRV service is 'xmpps-server'.</li>
<li>When ALPN is used, the ALPN protocol MUST be '<strong>xmpp-client</strong>', where the SRV service is '<strong>xmpps-client</strong>'.</li>
<li>When ALPN is used, the ALPN protocol MUST be '<strong>xmpp-server</strong>', where the SRV service is '<strong>xmpps-server</strong>'.</li>
</ol>
</section1>
<section1 topic='Use Cases' anchor='usecases'>
@ -102,20 +108,20 @@
<p>Direct TLS provides AT LEAST the same level of security as STARTTLS, and more privacy without ALPN as using STARTTLS leaks that the underlying protocol is XMPP, while any direct TLS stream should be indistinguishable from any other direct TLS stream. Direct TLS provides more security than STARTTLS if &rfc7590; is not followed, as it isn't subject to STARTTLS stripping. All security setup and certificate validation code SHOULD be shared between the STARTTLS and direct TLS logic as well. All SRV-based connection methods are subject to DNS modification/stripping/spoofing of SRV records in the absence of DNSSEC.</p>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>
<p>ALPN (<cite>RFC 7301</cite>) requires registration of new Protocol IDs. This document specifies two Protocol IDs:</p>
<p>ALPN (&rfc7301;) requires registration of new Protocol IDs. This document specifies two Protocol IDs:</p>
<p>
Protocol: XMPP jabber:client namespace<br/>
Identification Sequence:<br/>
&nbsp;&nbsp;&nbsp;0x78 0x6d 0x70 0x70 0x2d 0x63 0x6c 0x69 0x65 0x6e 0x74 ("xmpp-client")<br/>
Reference: [<link url='https://xmpp.org/extensions/xep-0368.html'>XEP-0368</link>]
Reference: [&xep0368;]
</p>
<p>
Protocol: XMPP jabber:server namespace<br/>
Identification Sequence:<br/>
&nbsp;&nbsp;&nbsp;0x78 0x6d 0x70 0x70 0x2d 0x73 0x65 0x72 0x76 0x65 0x72 ("xmpp-server")<br/>
Reference: [<link url='https://xmpp.org/extensions/xep-0368.html'>XEP-0368</link>]
Reference: [&xep0368;]
</p>
<p>The ALPN registry is currently located <link url='https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids'>here</link>.</p>
@ -129,6 +135,6 @@ Reference: [<link url='https://xmpp.org/extensions/xep-0368.html'>XEP-0368</link
</ol>
</section1>
<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
<p>There are no XMPP Registrar Considerations.</p>
<p>This document requires no interaction with the &REGISTRAR;.</p>
</section1>
</xep>