mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-24 18:22:24 -05:00
protoXEP OpenPGP for XMPP Pubsub: version 0.0.4
add a security note to indicate that <shared-secret/> and <revoke/> sender must be checked.
This commit is contained in:
parent
bdadbb1fca
commit
e6e6cba2e5
@ -30,6 +30,16 @@
|
|||||||
<email>goffi@goffi.org</email>
|
<email>goffi@goffi.org</email>
|
||||||
<jid>goffi@jabber.fr</jid>
|
<jid>goffi@jabber.fr</jid>
|
||||||
</author>
|
</author>
|
||||||
|
<revision>
|
||||||
|
<version>0.0.4</version>
|
||||||
|
<date>2022-10-12</date>
|
||||||
|
<initials>jp</initials>
|
||||||
|
<remark>
|
||||||
|
<ul>
|
||||||
|
<li>add a security note to indicate that <shared-secret/> and <revoke/> sender must be checked.</li>
|
||||||
|
</ul>
|
||||||
|
</remark>
|
||||||
|
</revision>
|
||||||
<revision>
|
<revision>
|
||||||
<version>0.0.3</version>
|
<version>0.0.3</version>
|
||||||
<date>2022-10-10</date>
|
<date>2022-10-10</date>
|
||||||
@ -196,6 +206,7 @@
|
|||||||
|
|
||||||
<section1 topic='Security Considerations' anchor='security'>
|
<section1 topic='Security Considerations' anchor='security'>
|
||||||
<ul>
|
<ul>
|
||||||
|
<li>When receiving a <shared-secret/> or a <revoke/> element, the receiving client MUST ensure that the signing sender is the same as the one for all known shared secrets of this pubsub node. This prevents a malicious actor for misleading the client into using a non-legitimate secret.</li>
|
||||||
<li>To limit the surface of attack, the access model of an encrypted node should be set to "whitelist" and only people having the shared key should be allowed to retrieve encrypted items.</li>
|
<li>To limit the surface of attack, the access model of an encrypted node should be set to "whitelist" and only people having the shared key should be allowed to retrieve encrypted items.</li>
|
||||||
<li>If the shared key is compromised, or a user access is revoked, the key MUST be rotated. However, only new items are encrypted with the new key, any previous item should be considered as compromised too.</li>
|
<li>If the shared key is compromised, or a user access is revoked, the key MUST be rotated. However, only new items are encrypted with the new key, any previous item should be considered as compromised too.</li>
|
||||||
<li>Sometimes client may use metadata to construct item ID, this is notably the case for some &xep0277; implementation, as the resulting item ID is used to generate user friendly URLs. To avoid metadata leakage, clients SHOULD NOT derivate the item ID from any data of the item when pubsub encryption is used.</li>
|
<li>Sometimes client may use metadata to construct item ID, this is notably the case for some &xep0277; implementation, as the resulting item ID is used to generate user friendly URLs. To avoid metadata leakage, clients SHOULD NOT derivate the item ID from any data of the item when pubsub encryption is used.</li>
|
||||||
|
Loading…
Reference in New Issue
Block a user