XEP-0373 (ox): Fix 'to'-attribute requirements

The XEP had the requirements for the 'to'-attribute of <sign/> and <crypt/> interchanged. Thanks to defanor <defanor@uberspace.net> for pointing this out. Acked-by: Vincent Breitmoser <look@my.amazin.horse>
2024-11-21 08:45:04 -05:00 · 2020-11-23 16:08:34 +01:00 · 2020-11-23 16:08:34 +01:00 · d36f469b7f
commit d36f469b7f
parent 00d7e0c39c
1 changed files with 15 additions and 4 deletions
--- a/xep-0373.xml
+++ b/xep-0373.xml
@ -46,6 +46,17 @@
    <email>look@my.amazin.horse</email>
    <jid>valodim@stratum0.org</jid>
  </author>
+  <revision>
+    <version>0.6.0</version>
+    <date>2020-11-22</date>
+    <initials>fs</initials>
+    <remark>
+      <p>Fix 'to'-attribute requirements: All content elements which are signed using OpenPGP need
+      that attribute to prevent Surreptitious Forward Attacks. The &crypt; element does not require
+      one, as the intented recipient is established by the encryption itself. The XEP had the
+      requirements for &sign; and &crypt; mixed up.</p>
+    </remark>
+  </revision>
  <revision>
    <version>0.5.0</version>
    <date>2020-06-19</date>
@ -229,7 +240,7 @@
 </signcrypt>]]></example>

    <p>OpenPGP content elements MUST possess exactly one 'time'
-    element as direct child elements. The &signcrypt; and &crypt;
+    element as direct child elements. The &signcrypt; and &sign;
    content elements MUST contain at least one 'to' element(s), which
    MUST have a 'jid' attribute containing the intended recipient's
    XMPP address of the signed and/or encrypted data to prevent
@ -241,7 +252,7 @@
    (Ed.). Springer-Verlag, London, UK, UK, 83-107. &lt;<link
    url='https://www.iacr.org/archive/eurocrypt2002/23320080/adr.pdf'>https://www.iacr.org/archive/eurocrypt2002/23320080/adr.pdf</link>&gt;</note>.
    The XMPP address found in the 'to' element's 'jid' attribute
-    SHOULD be without Resourcepart (i.e., a bare JID). A &sign; content
+    SHOULD be without Resourcepart (i.e., a bare JID). A &crypt; content
    element may not carry a 'to' attribute. The 'time' element MUST
    have a 'stamp' attribute which contains the timestamp when the
    OpenPGP content element was signed and/or encrypted in the
@ -266,14 +277,14 @@
      </tr>
      <tr>
        <td>&sign;</td>
-        <td>MAY NOT contain one</td>
+        <td>MUST have at least one</td>
        <td>MUST have exactly one</td>
        <td>OPTIONAL</td>
        <td>MUST have exactly one</td>
      </tr>
      <tr>
        <td>&crypt;</td>
-        <td>MUST have at least one</td>
+        <td>OPTIONAL</td>
        <td>MUST have exactly one</td>
        <td>SHOULD have exactly one</td>
        <td>MUST have exactly one</td>