XEP-0373 (ox): Fix 'to'-attribute requirements

The XEP had the requirements for the 'to'-attribute of <sign/> and
<crypt/> interchanged. Thanks to defanor <defanor@uberspace.net> for
pointing this out.

Acked-by: Vincent Breitmoser <look@my.amazin.horse>
Florian Schmaus 2020-11-23 16:08:34 +01:00
parent 00d7e0c39c
commit d36f469b7f
1 changed files with 15 additions and 4 deletions


@ -46,6 +46,17 @@
<email>look@my.amazin.horse</email> <email>look@my.amazin.horse</email>
<jid>valodim@stratum0.org</jid> <jid>valodim@stratum0.org</jid>
</author> </author>
<revision>
<version>0.6.0</version>
<date>2020-11-22</date>
<initials>fs</initials>
<remark>
<p>Fix 'to'-attribute requirements: All content elements which are signed using OpenPGP need
that attribute to prevent Surreptitious Forward Attacks. The &crypt; element does not require
one, as the intented recipient is established by the encryption itself. The XEP had the
requirements for &sign; and &crypt; mixed up.</p>
</remark>
</revision>
<revision> <revision>
<version>0.5.0</version> <version>0.5.0</version>
<date>2020-06-19</date> <date>2020-06-19</date>
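Review bot: In the new 0.6.0 remark, "intented recipient" is a typo for "intended recipient". The remark also says signed content elements "need that attribute", while the normative text further down describes a 'to' element that carries a 'jid' attribute; wording the remark as "need a 'to' element" would keep the revision history consistent with the specification text it summarizes.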
@ -229,7 +240,7 @@
</signcrypt>]]></example> </signcrypt>]]></example>
<p>OpenPGP content elements MUST possess exactly one 'time' <p>OpenPGP content elements MUST possess exactly one 'time'
element as direct child elements. The &signcrypt; and &crypt; element as direct child elements. The &signcrypt; and &sign;
content elements MUST contain at least one 'to' element(s), which content elements MUST contain at least one 'to' element(s), which
MUST have a 'jid' attribute containing the intended recipient's MUST have a 'jid' attribute containing the intended recipient's
XMPP address of the signed and/or encrypted data to prevent XMPP address of the signed and/or encrypted data to prevent
@ -241,7 +252,7 @@
(Ed.). Springer-Verlag, London, UK, UK, 83-107. &lt;<link (Ed.). Springer-Verlag, London, UK, UK, 83-107. &lt;<link
url='https://www.iacr.org/archive/eurocrypt2002/23320080/adr.pdf'>https://www.iacr.org/archive/eurocrypt2002/23320080/adr.pdf</link>&gt;</note>. url='https://www.iacr.org/archive/eurocrypt2002/23320080/adr.pdf'>https://www.iacr.org/archive/eurocrypt2002/23320080/adr.pdf</link>&gt;</note>.
The XMPP address found in the 'to' element's 'jid' attribute The XMPP address found in the 'to' element's 'jid' attribute
SHOULD be without Resourcepart (i.e., a bare JID). A &sign; content SHOULD be without Resourcepart (i.e., a bare JID). A &crypt; content
element may not carry a 'to' attribute. The 'time' element MUST element may not carry a 'to' attribute. The 'time' element MUST
have a 'stamp' attribute which contains the timestamp when the have a 'stamp' attribute which contains the timestamp when the
OpenPGP content element was signed and/or encrypted in the OpenPGP content element was signed and/or encrypted in the
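Review bot: The changed sentence now reads "A &crypt; content element may not carry a 'to' attribute", which can be read as a prohibition, while the table row for &crypt; in this same commit says OPTIONAL and the revision remark says the element "does not require one". The lowercase "may not" is also not one of the requirement keywords used elsewhere in this text (MUST, SHOULD, OPTIONAL), so an implementer cannot tell whether a &crypt; element that does carry 'to' is valid. Suggest "A &crypt; content element MAY omit the 'to' element", which also resolves the attribute/element mix-up in the sentence.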
@ -266,14 +277,14 @@
</tr> </tr>
<tr> <tr>
<td>&sign;</td> <td>&sign;</td>
<td>MAY NOT contain one</td> <td>MUST have at least one</td>
<td>MUST have exactly one</td> <td>MUST have exactly one</td>
<td>OPTIONAL</td> <td>OPTIONAL</td>
<td>MUST have exactly one</td> <td>MUST have exactly one</td>
</tr> </tr>
<tr> <tr>
<td>&crypt;</td> <td>&crypt;</td>
<td>MUST have at least one</td> <td>OPTIONAL</td>
<td>MUST have exactly one</td> <td>MUST have exactly one</td>
<td>SHOULD have exactly one</td> <td>SHOULD have exactly one</td>
<td>MUST have exactly one</td> <td>MUST have exactly one</td>
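Review bot: The first cell of the &sign; row flips from "MAY NOT contain one" to "MUST have at least one", so a sender that followed 0.5.0 produces &sign; elements that no longer meet the requirement. Neither the table nor the revision remark says what a receiver should do with a &sign; element that lacks 'to'; since the remark gives preventing Surreptitious Forward Attacks as the reason for the element, a sentence stating that the receiver must treat such an element as invalid would make the requirement enforceable on the verifying side.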