From 00d7e0c39c50d18383a97fbf91f5b9608fbaaa74 Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Mon, 23 Nov 2020 16:06:59 +0100 Subject: [PATCH 1/2] XEP-0373 (ox): s/NOT REQUIRED/OPTIONAL/ "NOT REQUIRED" is not a RFC 2119 keyword, "OPTIONAL" is. --- xep-0373.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xep-0373.xml b/xep-0373.xml index 4cad2eed..fde57cf9 100644 --- a/xep-0373.xml +++ b/xep-0373.xml @@ -268,7 +268,7 @@ &sign; MAY NOT contain one MUST have exactly one - NOT REQUIRED + OPTIONAL MUST have exactly one From d36f469b7fff9a300185eb2966a18f561b017fb4 Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Mon, 23 Nov 2020 16:08:34 +0100 Subject: [PATCH 2/2] XEP-0373 (ox): Fix 'to'-attribute requirements The XEP had the requirements for the 'to'-attribute of and interchanged. Thanks to defanor for pointing this out. Acked-by: Vincent Breitmoser --- xep-0373.xml | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/xep-0373.xml b/xep-0373.xml index fde57cf9..6d1add19 100644 --- a/xep-0373.xml +++ b/xep-0373.xml @@ -46,6 +46,17 @@ look@my.amazin.horse valodim@stratum0.org + + 0.6.0 + 2020-11-22 + fs + +

Fix 'to'-attribute requirements: All content elements which are signed using OpenPGP need + that attribute to prevent Surreptitious Forward Attacks. The &crypt; element does not require + one, as the intented recipient is established by the encryption itself. The XEP had the + requirements for &sign; and &crypt; mixed up.

+
+
0.5.0 2020-06-19 @@ -229,7 +240,7 @@ ]]>

OpenPGP content elements MUST possess exactly one 'time' - element as direct child elements. The &signcrypt; and &crypt; + element as direct child elements. The &signcrypt; and &sign; content elements MUST contain at least one 'to' element(s), which MUST have a 'jid' attribute containing the intended recipient's XMPP address of the signed and/or encrypted data to prevent @@ -241,7 +252,7 @@ (Ed.). Springer-Verlag, London, UK, UK, 83-107. <https://www.iacr.org/archive/eurocrypt2002/23320080/adr.pdf>. The XMPP address found in the 'to' element's 'jid' attribute - SHOULD be without Resourcepart (i.e., a bare JID). A &sign; content + SHOULD be without Resourcepart (i.e., a bare JID). A &crypt; content element may not carry a 'to' attribute. The 'time' element MUST have a 'stamp' attribute which contains the timestamp when the OpenPGP content element was signed and/or encrypted in the @@ -266,14 +277,14 @@ &sign; - MAY NOT contain one + MUST have at least one MUST have exactly one OPTIONAL MUST have exactly one &crypt; - MUST have at least one + OPTIONAL MUST have exactly one SHOULD have exactly one MUST have exactly one
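Review bot: in the PATCH 1/2 hunk at @@ -268,7 +268,7 @@, the unchanged context line "MAY NOT contain one" in the same &sign; row fails the commit's own rationale just as "NOT REQUIRED" did, since RFC 2119 defines MAY, MUST NOT and SHOULD NOT but not "MAY NOT"; PATCH 2/2 happens to replace that cell, but if this patch is applied on its own the row is still left with a non-RFC-2119 phrase, so either fold the replacement into this commit or note the dependency in the message.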
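Review bot: in the PATCH 2/2 hunk at @@ -46,6 +46,17 @@, the new revision remark has a typo ("intented" should read "intended") and describes the fix as being about the "'to'-attribute", whereas the normative text changed in the same patch speaks of a 'to' element carrying a 'jid' attribute; the remark should use the same term so that readers of the revision history can find the affected requirement. Also, the 0.6.0 entry is dated 2020-11-22 while the commit itself is dated 2020-11-23; worth confirming which date is intended.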
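Review bot: in the PATCH 2/2 hunk at @@ -229,7 +240,7 @@, the changed sentence now correctly pairs &signcrypt; and &sign; with the 'to' requirement, but the surrounding wording reads awkwardly: "MUST contain at least one 'to' element(s)" is redundant ("at least one 'to' element" suffices), and "exactly one 'time' element as direct child elements" mixes singular and plural ("as a direct child element"). Since these lines are being touched anyway, fixing the grammar in the same hunk would avoid a follow-up editorial commit.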
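Review bot: in the PATCH 2/2 hunk at @@ -241,7 +252,7 @@, the new sentence "A &crypt; content element may not carry a 'to' attribute" conflicts with the table hunk later in the same patch, which marks the 'to' cell of the &crypt; row as "OPTIONAL": lowercase "may not carry" reads as a prohibition, while OPTIONAL permits it. Suggest "A &crypt; content element MAY omit the 'to' element" (or "does not require a 'to' element"), and "element" rather than "attribute" to match the preceding sentence, which defines 'to' as an element with a 'jid' attribute.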
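Review bot: in the PATCH 2/2 hunk at @@ -266,14 +277,14 @@, the new &crypt; cell "OPTIONAL" is the only cell in the table that states a requirement level without a cardinality, whereas the other cells are phrased "MUST have at least one" / "MUST have exactly one"; it is therefore unclear whether a &crypt; element that does include a 'to' element may include several. Suggest "MAY have one or more" (or "MAY have exactly one", if only a single recipient is intended) so the cell is parsed the same way as its neighbours.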