1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-21 16:55:07 -05:00

further clarified security considerations

git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@1111 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
Peter Saint-Andre 2007-08-07 20:55:41 +00:00
parent c397fef7af
commit ea9921704e

View File

@ -779,7 +779,27 @@ That seems fine to me.
</section2>
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>The exclusion of scripts, applets, and other multimedia elements reduces the risk of exposure to harmful or malicious objects caused by inclusion of XHTML content. In order to reduce the risk of so-called "phishing" attacks, an implementation MAY choose not to make hyperlinks clickable. Because images served on the Internet may contain malicious instructions or software code and may enable the entity serving the image to determine the network availability of the requesting entity, an implementation MAY choose not to show images but instead show only the 'alt' text or to not fetch images offered by entities that are not authorized to view the user's presence.</p>
<section2 topic='Malicious Objects' anchor='security-code'>
<p>The exclusion of scripts, applets, binary objects, and other potentially executable code from XHTML-IM reduces the risk of exposure to harmful or malicious objects caused by inclusion of XHTML content. To further reduce the rick of such exposure, an implementation MAY choose to:</p>
<ul>
<li>Not make hyperlinks clickable</li>
<li>Not fetch images but instead show only the 'alt' text.</li>
</ul>
</section2>
<section2 topic='Phishing' anchor='security-phishing'>
<p>To reduce the risk of phishing attacks <note>Phishing has been defined as "a broadly launched social engineering attack in which an electronic identity is misrepresented in an attempt to trick individuals into revealing personal credentials that can be used fraudulently against them" (see <link url='http://fstc.org/projects/counter-phishing-phase-1/'>Financial Services Technology Consortium Counter-Phishing Initiative: Phase I</link>).</note>, an implementation MAY choose to:</p>
<ul>
<li>Display the value of the XHTML 'href' attribute instead of the XML character data of the &lt;a/&gt; element.</li>
<li>Display the value of XHTML 'href' attribute in addition to the XML character data of the &lt;a/&gt; element if the two values do not match.</li>
</ul>
</section2>
<section2 topic='Presence Leaks' anchor='security-presence'>
<p>The network availability of the receiver may be revealed if the receiver's client automatically loads images or the receiver clicks a link included in a message. Therefore an implementation MAY choose to:</p>
<ul>
<li>Not fetch images offered by senders that are not authorized to view the receiver's presence.</li>
<li>Warn the receiver before allowing the user to visit a URI provided by the sender.</li>
</ul>
</section2>
</section1>
<section1 topic='W3C Considerations' anchor='w3c'>
<p>The usage of XHTML 1.0 defined herein meets the requirements for XHTML 1.0 Integration Set document type conformance as defined in Section 3 ("Conformance Definition") of <cite>Modularization of XHTML</cite>.</p>