mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-21 16:55:07 -05:00
XEP-0210 links
git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@829 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
parent
581b04d14e
commit
d371dd9652
@ -169,7 +169,7 @@
|
||||
<section1 topic='Introduction' anchor='intro'>
|
||||
<p>End-to-end encryption is a desirable feature for any communication technology. Ideally, such a technology would design encryption in from the beginning and would forbid unencrypted communications. Realistically, most communication technologies have not been designed in that manner, and Jabber/XMPP technologies are no exception. In particular, the original Jabber technologies developed in 1999 did not include end-to-end encryption by default. PGP-based encryption of message bodies and signing of presence information was added as an extension to the core protocols in the year 2000; this extension is documented in &xep0027;. When the core protocols were formalized within the Internet Standards Process by the IETF's XMPP Working Group in 2003, a different extension was defined using S/MIME-based signing and encryption of CPIM-formatted messages (see &rfc3862;) and PIDF-formatted presence information (see &rfc3863;); this extension is specified in &rfc3923;.</p>
|
||||
<p>For reasons described in &xep0188;, the foregoing proposals (and others not mentioned) have not been widely implemented and deployed. This is unfortunate, since an open communication protocol needs to enable end-to-end encryption in order to be seriously considered for deployment by a broad range of users.</p>
|
||||
<p>This proposal describes a different approach to end-to-end encryption for use by entities that communicate using XMPP. The requirements and the consequent cryptographic design that underpin this protocol are described in &xep0207; and <cite>Cryptographic Design of Encrypted Sessions</cite>. The basic concept is that of an encrypted session which acts as a secure tunnel between two endpoints. Once the tunnel is established, the content of each one-to-one XML stanza exchanged between the endpoints will be encrypted and then transmitted within a "wrapper" stanza using &xep0200;.</p>
|
||||
<p>This proposal describes a different approach to end-to-end encryption for use by entities that communicate using XMPP. The requirements and the consequent cryptographic design that underpin this protocol are described in &xep0210; and <cite>Cryptographic Design of Encrypted Sessions</cite>. The basic concept is that of an encrypted session which acts as a secure tunnel between two endpoints. Once the tunnel is established, the content of each one-to-one XML stanza exchanged between the endpoints will be encrypted and then transmitted within a "wrapper" stanza using &xep0200;.</p>
|
||||
</section1>
|
||||
|
||||
<section1 topic="Dramatis Personae" anchor='personae'>
|
||||
|
@ -104,7 +104,7 @@
|
||||
<li>Other security features described in <cite>Cryptographic Design of Encrypted Sessions</cite></li>
|
||||
<li>Most of the code can be borrowed from implementations of <cite>Encrypted Session Negotiation</cite></li>
|
||||
</ul>
|
||||
<p>The requirements and the consequent cryptographic design that underpin this protocol are described in &xep0207; and <cite>Cryptographic Design of Encrypted Sessions</cite>. The basic concept is that of an encrypted session which acts as a secure tunnel between the online endpoint and the offline endpoint. The offline endpoint completes its part of the tunnel "negotiation" by publishing its preferences before it goes offline. Once the tunnel is established by the online endpoint, the content of each one-to-one XML stanza sent by the online endpoint is encrypted and then transmitted within a "wrapper" stanza using &xep0200;.</p>
|
||||
<p>The requirements and the consequent cryptographic design that underpin this protocol are described in &xep0210; and <cite>Cryptographic Design of Encrypted Sessions</cite>. The basic concept is that of an encrypted session which acts as a secure tunnel between the online endpoint and the offline endpoint. The offline endpoint completes its part of the tunnel "negotiation" by publishing its preferences before it goes offline. Once the tunnel is established by the online endpoint, the content of each one-to-one XML stanza sent by the online endpoint is encrypted and then transmitted within a "wrapper" stanza using &xep0200;.</p>
|
||||
</section1>
|
||||
|
||||
<section1 topic="Dramatis Personae" anchor='personae'>
|
||||
|
@ -53,7 +53,7 @@
|
||||
|
||||
|
||||
<section1 topic="Requirements" anchor='require'>
|
||||
<p>The requirements and the consequent cryptographic design that underpin this protocol and its associated protocols are described in &xep0207; and <cite>Cryptographic Design of Encrypted Sessions</cite>. The specific objectives of this protocol include:</p>
|
||||
<p>The requirements and the consequent cryptographic design that underpin this protocol and its associated protocols are described in &xep0210; and <cite>Cryptographic Design of Encrypted Sessions</cite>. The specific objectives of this protocol include:</p>
|
||||
<ul>
|
||||
<li><p>Encryption of the full stanza content (except that which is required for stanza routing)</p></li>
|
||||
<li><p>Minimise the Perfect Forward Secrecy window by enabling light-weight renegotiation of the short-term keys without requiring a full session renegotiation.</p></li>
|
||||
|
Loading…
Reference in New Issue
Block a user