XEP-STANZA-ID (359): Add security consideration and <referenced-stanza/>

Florian Schmaus 2023-02-20 12:18:40 +01:00
parent afd9c08a3a
commit ec3070d9b5
1 changed files with 22 additions and 2 deletions


@ -12,7 +12,7 @@
<abstract>This specification describes unique and stable IDs for messages.</abstract>
&LEGALNOTICE;
<number>0359</number>
<status>Deferred</status>
<status>Experimental</status>
<lastcall>2018-11-03</lastcall>
<type>Standards Track</type>
<sig>Standards</sig>
@ -24,6 +24,12 @@
<supersededby/>
<shortname>stanza-id</shortname>
&flow;
<revision>
<version>0.7.0</version>
<date>2023-02-20</date>
<initials>fs</initials>
<remark><p>Add security consideration regarding spoofability and reference example</p></remark>
</revision>
<revision>
<version>0.6.1</version>
<date>2020-11-03</date>
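Review bot: The remark in the new 0.7.0 revision entry undersells the change. "Add security consideration regarding spoofability and reference example" reads as if only an example were added, but the same commit introduces a new 'referenced-stanza' element with its own MUST/SHOULD requirements and a schema entry in 'urn:xmpp:sid:0'. Suggest naming the element in the remark so implementers scanning the revision history can see that 0.7.0 adds protocol surface, not just an illustration.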
@ -166,6 +172,12 @@
<li>The value of the 'by' attribute MUST be the XMPP address of the entity assigning the unique and stable stanza ID. For one-on-one messages the assigning entity is the account. In groupchats the assigning entity is the room. Note that XMPP addresses are normalized as defined in &rfc6122;.</li>
</ol>
</section1>
<section1 topic='Referencing Other Stanzas' anchor='referencing'>
<p>The &lt;referenced-stanza/&gt; element can be used to reference another stanza. The &lt;referenced-stanza/&gt; element MUST be qualified by the 'urn:xmpp:sid:0' namespace and MUST have an 'id' attribute and SHOULD have a 'by' attribute. The values of the attributes are the values of the referenced stanza's &lt;stanza-id/&gt; element.</p>
<example caption='Example &lt;referenced-stanza/&gt; element'><![CDATA[
<referenced-stanza xmlns='urn:xmpp:sid:0' id='xep359-stanza-id' by='muc.example.org'/>
]]></example>
</section1>
<section1 topic='Discovering Support' anchor='disco'>
<p>An entity that follows the business rules, especially the rule on overriding the ID in elements where the by atttribute matches the 'by' attribute they would otherwise set, SHOULD announce the 'urn:xmpp:sid:0' namespace in its disco features allowing other entities to verify that those business rules are properly enforced.</p>
<example caption='Client sends service discovery request to the room'><![CDATA[
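Review bot: In the new 'Referencing Other Stanzas' paragraph, 'by' is only a SHOULD, yet the Security Considerations text added in this commit treats the tuple of 'id' and 'by' as the unspoofable identifier. A reference that carries 'id' alone cannot be tied to an assigning entity, so the receiver has no way to tell which archive or room the ID belongs to. Either make 'by' a MUST here, or state how a receiver is expected to handle a reference without it. The example would also be easier to follow if it showed the element inside an enclosing stanza rather than on its own.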
@ -190,6 +202,7 @@
]]></example>
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>The value of origin-id is spoofable and hence SHOULD not be used when referencing other stanzas. The value tuple of 'id' and 'by' of the stanza-id element is unspoofable iff all involved implementations follow the requirements of this specification.</p>
<p>The value of the 'id' attribute should not provide any further information besides the opaque ID itself. Entities observing the value MUST NOT be able to infer any information from it, e.g. the size of the message archive. The value of 'id' MUST be considered a non-secret value.</p>
<p>Before processing the stanza ID of a message and using it for deduplication purposes or for MAM catchup, the receiving entity SHOULD ensure that the stanza ID could not have been faked, by verifying that the entity referenced in the by attribute does annouce the 'urn:xmpp:sid:0' namespace in its disco features.</p>
</section1>
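Review bot: "SHOULD not" in the first added sentence is not an RFC 2119 keyword; write "SHOULD NOT" so the requirement on origin-id is unambiguously normative. The second sentence makes unspoofability depend on "all involved implementations" following the specification, while the last paragraph of this section already describes the disco check against the entity named in 'by'. Consider stating that the same check applies before trusting an 'id'/'by' pair received in a reference, so the condition does not read as something the receiver must take on faith.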
@ -241,9 +254,16 @@
</xs:complexType>
</xs:element>
<xs:element name='referenced-stanza'>
<xs:complexType>
<xs:attribute name='id' type='xs:string' use='required'/>
<xs:attribute name='by' type='xs:string' use='optional'/>
</xs:complexType>
</xs:element>
</xs:schema>]]></code>
</section1>
<section1 topic='Acknowledgements' anchor='ack'>
<p>Thanks to Thijs Alkemade and Georg Lukas for providing feedback.</p>
<p>Thanks to Thijs Alkemade, Georg Lukas, and Maxime Buquet for providing feedback.</p>
</section1>
</xep>