moparisthebest
/
xeps
mirror of https://github.com/moparisthebest/xeps
1
0
Fork 0
Code Issues Releases Wiki Activity

0.17 

git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@1821 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
Peter Saint-Andre 2008-05-01 02:57:39 +00:00
parent b7f1edb1b3
commit f926037398
1 changed files with 12 additions and 360 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

372
xep-0136.xml
View File

@ -19,12 +19,10 @@
<spec>XEP-0030</spec>
<spec>XEP-0059</spec>
<spec>XEP-0060</spec>
<spec>W3C XML Encryption</spec>
<spec>W3C XML Signature</spec>
</dependencies>
<supersedes/>
<supersededby/>
<shortname>TO BE ASSIGNED</shortname>
<shortname>NOT_YET_ASSIGNED</shortname>
&ianpaterson;
<author>
<firstname>Jon</firstname>
@ -34,6 +32,12 @@
</author>
&stpeter;
&infiniti;
<revision>
<version>0.17</version>
<date>2008-04-30</date>
<initials>psa</initials>
<remark><p>Split encryption content off into new specification.</p></remark>
</revision>
<revision>
<version>0.16</version>
<date>2008-04-15</date>
@ -208,7 +212,7 @@
<li>stream -- the saving entity SHOULD save every byte that passes over the stream in either direction. ***</li>
</ul>
<p>* Note: When archiving <em>locally</em> a client MAY save the full XML content of each &MESSAGE; element even if the Save Mode is 'body'.</p>
<p>** Note: Support for the 'message' value is optional and, to conserve bandwidth and storage space, it is RECOMMENDED that client implementations do not specify the 'message' value. <note>Stream compression typically does not mitigate bandwidth and storage issues since collections SHOULD be encrypted, and since clients running in constrained runtime environments typically cannot take advantage of stream compression (no binary data, only XML, may be transfered).</note></p>
<p>** Note: Support for the 'message' value is optional and, to conserve bandwidth and storage space, it is RECOMMENDED that client implementations do not specify the 'message' value. <note>Stream compression typically does not mitigate bandwidth and storage issues since clients running in constrained runtime environments typically cannot take advantage of stream compression (no binary data, only XML, may be transfered).</note></p>
<p>*** Note: The upload, retrieval and management of 'stream' archives is currently beyond the scope of this document.</p>
</section4>
</section3>
@ -557,11 +561,11 @@
<ul>
<li>Messages are encrypted using evanescent keys, as in &xep0116;</li>
<li>A client's own server does not support automatic archiving but it (or another server) does support manual archiving</li>
<li>A server does not support encryption of auto-archived collections</li>
<li>A server does not support encryption of auto-archived collections (see &xep0241;)</li>
<li>A client wants to maintain a unified archive for messages that were transmitted both in and out-of-band (e.g. SMS or email)</li>
<li>A client wants to append private notes to a conversation</li>
</ul>
<p>Therefore, often a client will want to send or receive a sequence of messages, optionally add private notes to the sequence, optionally encrypt the sequence, and then ask the server to archive it. Such messages and notes SHOULD be stored on the server in the form of a "collection".</p>
<p>Therefore, often a client will want to send or receive a sequence of messages, optionally add private notes to the sequence, optionally encrypt the sequence (see <cite>XEP-0241</cite>), and then ask the server to archive it. Such messages and notes SHOULD be stored on the server in the form of a "collection".</p>
</section2>
<section2 topic='Uploading Messages to a Collection' anchor='manual-upload'>
<p>A collection of messages and notes is uploaded to the server encapsulated in a &lt;save/&gt; element.</p>
@ -733,7 +737,7 @@
</save>
</iq>
]]></example>
<p>As described in the <link url='#crypt'>Encryption</link> section of this document, the content of the uploaded x:data form MAY be encrypted.</p>
<p>As described in <cite>XEP-0241</cite>, the content of the uploaded x:data form MAY be encrypted.</p>
</section2>
</section1>
@ -769,28 +773,6 @@
<error type='cancel'>
<feature-not-implemented xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
</error>
</iq>
]]></example>
<p>The client can enable auto-archiving with server-side encryption by setting the 'save' attribute to "true" or "1" and setting the 'encrypt' attribute to "true" or "1".</p>
<example caption='Client enables auto archiving with encryption'><![CDATA[
<iq type='set' id='auto2'>
<auto encrypt='true' save='true' xmlns='urn:xmpp:tmp:archive'/>
</iq>
]]></example>
<p>If the server does not support encryption but the client attempts to enable encryption, the server MUST return a &feature; error.</p>
<example caption='Server Does Not Support Encrypted Messages'><![CDATA[
<iq type='error' id='auto2'>
<error type='cancel'>
<feature-not-implemented xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
</error>
</iq>
]]></example>
<p>If the server supports encryption but there is no public key available for the user (e.g., as published via &xep0189;, the server MUST return a &notacceptable; error.</p>
<example caption='No Public Key Available'><![CDATA[
<iq type='error' id='auto2'>
<error type='modify'>
<not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
</error>
</iq>
]]></example>
<p>The client can disable auto-archiving by setting the 'save' attribute to "false" or "0".</p>
@ -1068,330 +1050,6 @@
<p>After receiving each result set page the client SHOULD delete from its local archive any collections that have been removed from the master archive. The client should also retrieve from the server the content of each collection that has been modified (see <link url='#retrieve'>Retrieving a Collection</link>) and add it to its local copy of the archive (deleting any older version of the same collection that it may already have).</p>
</section1>
<section1 topic='Encryption' anchor='crypt'>
<p>The examples above are not encrypted for clarity. However, clients SHOULD encrypt their archived collections. This section describes how to do so.</p>
<section2 topic='Encryption of Manually-Archived Collections' anchor='crypt-manual'>
<p>Clients SHOULD encrypt manually-archived collections (although early implementations of this protocol MAY prefer to defer encryption and decryption to later releases). Servers MUST support the manual-archiving of encrypted collections.</p>
<p>Before uploading a sequence of messages to a collection, the client SHOULD select a symmetric data encryption algorithm, generate a suitable random encryption key, give the key a unique (for the user) name, encrypt the symmetric key with one of the user's public keys, and wrap the result inside one or more &lt;EncryptedKey/&gt; elements, as specified in &w3xmlenc;.</p>
<p>To ensure that all its user's clients will be able to decrypt the collection, the client SHOULD create one &lt;EncryptedKey/&gt; element for each of its user's public keys that are being published using &xep0189;. However, the client MUST NOT create an &lt;EncryptedKey/&gt; element for any public key until it has confirmed that it belongs to the user. Note: The fact that a public key is being published using <cite>XEP-0189</cite> is <em>not</em> sufficient proof of ownership, since the user's server may have been compromised at some stage. The method of confirmation is beyond the scope of this document.</p>
<p>The client SHOULD use the symmetric key to encrypt the joined sequence of &lt;to/&gt;, &lt;from/&gt; and &lt;note/&gt; elements, base64 encode the resulting sequence of bytes, and wrap it inside an &lt;EncryptedData/&gt; element, as described in <cite>XML Encryption</cite>.</p>
<p>Clients may add one or more &lt;EncryptedData/&gt; or &lt;EncryptedKey/&gt; elements to a collection using exactly the same method as for &lt;to/&gt;, &lt;from/&gt; and &lt;note/&gt; elements (see <link url='#manual-upload'>Uploading Messages to a Collection</link>). One collection may contain &lt;EncryptedData/&gt; elements encrypted with different symmetric keys.</p>
<p>When appending &lt;EncryptedData/&gt; elements to a collection, the client MAY reuse a symmetric Key that has already been uploaded to the collection. In this case the client SHOULD NOT resend &lt;EncryptedKey/&gt; elements.</p>
<p>Note: A collection that contains &lt;EncryptedData/&gt; or &lt;EncryptedKey/&gt; elements MUST NOT contain &lt;to/&gt; or &lt;from/&gt; or &lt;note/&gt; elements.</p>
<example caption='Storing encrypted messages and keys in a collection'><![CDATA[
<iq type='set' id='crypt1'>
<save xmlns='urn:xmpp:tmp:archive'>
<chat with='juliet@capulet.com/chamber'
start='1469-07-23T19:22:31Z'
subject='She speaks!'>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
Type='http://www.w3.org/2001/04/xmlenc#Content'>
<EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>dataKey1</KeyName>
</KeyInfo>
<CipherData><CipherValue>+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ</CipherValue></CipherData>
</EncryptedData>
<EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CarriedKeyName>dataKey1</CarriedKeyName>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>romeoPublicKey1fingerprint</KeyName>
</KeyInfo>
<CipherData><CipherValue>E5Qbvfa2gI5lBZMAHryv4g</CipherValue></CipherData>
</EncryptedKey>
<EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CarriedKeyName>dataKey1</CarriedKeyName>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>romeoPublicKey2fingerprint</KeyName>
</KeyInfo>
<CipherData><CipherValue>E5Qbvfa2gI5lBZMAHryv4g</CipherValue></CipherData>
</EncryptedKey>
</chat>
</save>
</iq>
]]></example>
<p>The &lt;CipherData/&gt; child of each &lt;EncryptedData/&gt; element contains the base64-encoded symmetric-encrypted messages. The &lt;EncryptionMethod/&gt; and &lt;KeyInfo/&gt; children specify the symmetric encryption algorithm and the name of the symmetric key used to encrypt the messages.</p>
<p>The &lt;CarriedKeyName/&gt; child of each &lt;EncryptedKey/&gt; element contains the name of the symmetric key it contains. The name is referenced by the &lt;KeyName/&gt; child of the &lt;KeyInfo/&gt; child of an &lt;EncryptedData/&gt; element. The &lt;CipherData/&gt; child of each &lt;EncryptedKey/&gt; element contains the base64-encoded public-key-encrypted symmetric key. The &lt;EncryptionMethod/&gt; and &lt;KeyInfo/&gt; children specify the public key encryption algorithm and the name of the public key used to encrypt the symmetric key. The name of the public key MAY refer to the name in the &lt;KeyName/&gt; child of one of the &lt;KeyInfo/&gt; elements that are being published using <cite>XEP-0189</cite>.</p>
<example caption='Private chat with encrypted attributes form'><![CDATA[
<iq type='set' id='form2'>
<save xmlns='urn:xmpp:tmp:archive'>
<chat with='benvolio@montague.net'
start='1469-07-21T03:01:54Z'>
<x xmlns='jabber:x:data' type='submit'>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
Type='http://www.w3.org/2001/04/xmlenc#Content'>
<EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>dataKey1</KeyName>
</KeyInfo>
<CipherData><CipherValue>+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ</CipherValue></CipherData>
</EncryptedData>
</x>
<EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CarriedKeyName>dataKey1</CarriedKeyName>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>romeoPublicKey1fingerprint</KeyName>
</KeyInfo>
<CipherData><CipherValue>E5Qbvfa2gI5lBZMAHryv4g</CipherValue></CipherData>
</EncryptedKey>
</chat>
</save>
</iq>
]]></example>
<p>The x:data form MAY be removed from a collection simply by uploading an empty form. Note: The server SHOULD NOT return an error if it finds that the form to be deleted does not exist.</p>
<example caption='Deleting the attributes form'><![CDATA[
<iq type='set' id='form3'>
<save xmlns='urn:xmpp:tmp:archive'>
<chat with='benvolio@montague.net'
start='1469-07-21T03:01:54Z'>
<x xmlns='jabber:x:data' type='submit'/>
</chat>
</save>
</iq>
]]></example>
</section2>
<section2 topic='Enabling Auto-Archiving with Encryption' anchor='crypt-auto'>
<p>Servers (and clients) SHOULD support the encryption (and decryption) of automatically-archived collections (although early implementations of this protocol MAY prefer to defer encryption and decryption to later releases).</p>
<p>Whenever the client enables auto-archiving it SHOULD set the optional 'encrypt' attribute to 'true'. After receiving such a request, if the server supports encryption (see <link url='#disco'>Determining Server Support</link>), it MUST encrypt all the messages that it archives automatically (including any message collections that are currently being recorded) by following exactly the same procedure as clients use when manually archiving collections (see <link url='#crypt'>Encryption</link>).</p>
<p>The client MAY also specify one or more public keys (in addition to any public keys that the user may be publishing using <cite>XEP-0189</cite>). The server MUST use them all to encrypt all the symmetric keys it generates and add these to the collection wrapped in &lt;EncryptedKey/&gt; elements.</p>
<example caption='Client enables auto archiving with encryption'><![CDATA[
<iq type='set' id='auto2'>
<auto save='true'
encrypt='true'
xmlns='urn:xmpp:tmp:archive'>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyValue>
<KeyName>romeoPublicKey3fingerprint</KeyName>
<RSAKeyValue>
<Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</auto>
</iq>
]]></example>
<p>As soon as the server has finished archiving a collection, it MUST securely destroy all copies of the symmetric key it used to encrypt the messages. Note: If the security of the server is compromised, then only the collections being recorded during the attack will be revealed (i.e. only those messages that would have been compromised even if they had not been archived).</p>
</section2>
<section2 topic='Retrieving a List of Encrypted Collections' anchor='crypt-collection'>
<p>If a collection contains &lt;EncryptedData/&gt; or &lt;EncryptedKey/&gt; elements then the 'crypt' attribute of the &lt;chat/&gt; element MUST be set to 'true':</p>
<example caption='Receiving the first page of a list'><![CDATA[
<iq type='result' to='romeo@montague.net/orchard' id='list1'>
<list xmlns='urn:xmpp:tmp:archive'>
<chat with='juliet@capulet.com/chamber'
start='1469-07-21T02:56:15Z'
subject='She speaks!'
crypt='true'
version='0'/>
.
[28 more collections]
.
<chat with='balcony@house.capulet.com'
start='1469-07-21T03:16:37Z'
version='4'/>
<set xmlns='http://jabber.org/protocol/rsm'>
<first index='0'>1469-07-21T02:56:15Zjuliet@capulet.com</first>
<last>1469-07-21T03:16:37Zbalcony@house.capulet.com</last>
<count>1372</count>
</set>
</list>
</iq>
]]></example>
</section2>
<section2 topic='Retrieving an Encrypted Collection' anchor='crypt-retrieve'>
<p>The items in encrypted collections are typically larger than the items in an unencrypted collection, since each &lt;EncryptedData/&gt; element typically contains many messages. So the client SHOULD take even more care not to request a page of &lt;EncryptedData/&gt; elements that is so big it might exceed rate limiting restrictions.</p>
<example caption='Requesting the first page of an encrypted collection with all versions of keys'><![CDATA[
<iq type='get' id='page1'>
<retrieve xmlns='urn:xmpp:tmp:archive'
with='juliet@capulet.com/chamber'
start='1469-07-23T19:22:31Z'
<set xmlns='http://jabber.org/protocol/rsm'>
<max>5</max>
</set>
</retrieve>
</iq>
]]></example>
<p>In addition to the requested &lt;EncryptedData/&gt; elements, the server MUST return all the &lt;EncryptedKey/&gt; elements that it possesses for the user whose symmetric key name (wrapped in its &lt;CarriedKeyName/&gt; child) is referenced by the &lt;KeyName/&gt; child of the &lt;KeyInfo/&gt; child of any of the &lt;EncryptedData/&gt; elements in the returned page.</p>
<example caption='Receiving the first page of an encrypted collection'><![CDATA[
<iq type='result' to='romeo@montague.net/orchard' id='page1'>
<chat xmlns='urn:xmpp:tmp:archive'
with='juliet@capulet.com/chamber'
start='1469-07-23T19:22:31Z'
subject='She speaks!'
version='5'>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
Type='http://www.w3.org/2001/04/xmlenc#Content'>
<EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>dataKey1</KeyName>
</KeyInfo>
<CipherData><CipherValue>+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ</CipherValue></CipherData>
</EncryptedData>
.
[3 more <EncryptedData/> elements]
.
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
Type='http://www.w3.org/2001/04/xmlenc#Content'>
<EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>dataKey2</KeyName>
</KeyInfo>
<CipherData><CipherValue>+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ</CipherValue></CipherData>
</EncryptedData>
<EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CarriedKeyName>dataKey1</CarriedKeyName>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>romeoPublicKey1fingerprint</KeyName>
</KeyInfo>
<CipherData><CipherValue>E5Qbvfa2gI5lBZMAHryv4g</CipherValue></CipherData>
</EncryptedKey>
<EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CarriedKeyName>dataKey1</CarriedKeyName>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>romeoPublicKey2fingerprint</KeyName>
</KeyInfo>
<CipherData><CipherValue>E5Qbvfa2gI5lBZMAHryv4g</CipherValue></CipherData>
</EncryptedKey>
<EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CarriedKeyName>dataKey2</CarriedKeyName>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>romeoPublicKey1fingerprint</KeyName>
</KeyInfo>
<CipherData><CipherValue>E5Qbvfa2gI5lBZMAHryv4g</CipherValue></CipherData>
</EncryptedKey>
<EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CarriedKeyName>dataKey2</CarriedKeyName>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>romeoPublicKey2fingerprint</KeyName>
</KeyInfo>
<CipherData><CipherValue>E5Qbvfa2gI5lBZMAHryv4g</CipherValue></CipherData>
</EncryptedKey>
<set xmlns='http://jabber.org/protocol/rsm'>
<first index='0'>0</first>
<last>4</last>
<count>7</count>
</set>
</chat>
</iq>
]]></example>
<p>The client MAY limit the number of &lt;EncryptedKey/&gt; elements that it receives by specifying the name of one or more public keys for which it holds the associated private keys. The name of each public key MUST be wrapped in a &lt;KeyName/&gt; element.</p>
<example caption='Requesting the first page of an encrypted collection with specified version of keys'><![CDATA[
<iq type='get' id='page1'>
<retrieve xmlns='urn:xmpp:tmp:archive'
with='juliet@capulet.com/chamber'
start='1469-07-23T19:22:31Z'>
<KeyName xmlns='http://www.w3.org/2000/09/xmldsig#'>romeoPublicKey1fingerprint</KeyName>
<set xmlns='http://jabber.org/protocol/rsm'>
<max>1</max>
</set>
</retrieve>
</iq>
]]></example>
<p>If the request includes one or more &lt;KeyName/&gt; elements then the server MUST only return those &lt;EncryptedKey/&gt; elements whose public key name (wrapped in the &lt;KeyName/&gt; child of the &lt;KeyInfo/&gt; child) is specified in the request.</p>
</section2>
<section2 topic='Replacing EncryptedKey Elements' anchor='encrypt-rekey'>
<p>If a private key becomes obsolete or compromised then it may be necessary for a client to replace all &lt;EncryptedKey/&gt; elements that contain symmetric keys encrypted with the public key that is associated with the obsolete private key.</p>
<p>The client first requests a list of the affected &lt;EncryptedKey/&gt; elements from all collections by sending a &lt;keys/&gt; element to the server:</p>
<example caption='Requesting the first page of a list of keys'><![CDATA[
<iq type='get' id='pubkey1'>
<keys xmlns='urn:xmpp:tmp:archive'>
<KeyName xmlns='http://www.w3.org/2000/09/xmldsig#'>romeoPublicKey1fingerprint</KeyName>
<set xmlns='http://jabber.org/protocol/rsm'>
<max>50</max>
</set>
</keys>
</iq>
]]></example>
<p>The server MUST return only &lt;EncryptedKey/&gt; elements whose symmetric encryption key is encrypted with the obsolete public key specified in the &lt;KeyName/&gt; child of the request:</p>
<example caption='Receiving the first page of a list of keys'><![CDATA[
<iq type='result' to='romeo@montague.net/orchard' id='pubkey1'>
<keys xmlns='urn:xmpp:tmp:archive'>
<chat with='juliet@capulet.com/chamber'
start='1469-07-23T19:22:31Z'
version='6'>
<EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CarriedKeyName>dataKey1</CarriedKeyName>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>romeoPublicKey1fingerprint</KeyName>
</KeyInfo>
<CipherData><CipherValue>E5Qbvfa2gI5lBZMAHryv4g</CipherValue></CipherData>
</EncryptedKey>
<EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CarriedKeyName>dataKey2</CarriedKeyName>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>romeoPublicKey1fingerprint</KeyName>
</KeyInfo>
<CipherData><CipherValue>E5Qbvfa2gI5lBZMAHryv4g</CipherValue></CipherData>
</EncryptedKey>
</chat>
.
[49 more sets of collection keys]
.
<set xmlns='http://jabber.org/protocol/rsm'>
<first index='0'>1469-07-23T19:22:31Zjuliet@capulet.com</first>
<last>1469-08-03T13:24:06Zbalcony@house.capulet.com</last>
<count>3810</count>
</set>
</keys>
</iq>
]]></example>
<p>The client decrypts each symmetric key with the obsolete private key and encrypts it again with the new public key. The client then wraps each symmetric key in an &lt;EncryptedKey/&gt; element and asks the server to archive it in its associated collection on the server (see <link url='#crypt'>Encryption</link>):</p>
<example caption='Storing encrypted keys in a collection'><![CDATA[
<iq type='set' id='crypt1'>
<save xmlns='urn:xmpp:tmp:archive'>
<chat with='juliet@capulet.com/chamber'
start='1469-07-23T19:22:31Z'>
<EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CarriedKeyName>dataKey1</CarriedKeyName>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>romeoPublicKey2fingerprint</KeyName>
</KeyInfo>
<CipherData><CipherValue>E5Qbvfa2gI5lBZMAHryv4g</CipherValue></CipherData>
</EncryptedKey>
<EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
<CarriedKeyName>dataKey2</CarriedKeyName>
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
<KeyName>romeoPublicKey2fingerprint</KeyName>
</KeyInfo>
<CipherData><CipherValue>E5Qbvfa2gI5lBZMAHryv4g</CipherValue></CipherData>
</EncryptedKey>
</chat>
</save>
</iq>
.
[49 more sets of collection keys]
.
]]></example>
<p>Finally, the client asks the server to delete from each collection all &lt;EncryptedKey/&gt; elements whose symmetric encryption key is encrypted with the obsolete public key:</p>
<example caption='Deleting key(s) from a collection'><![CDATA[
<iq type='get' id='delete1'>
<delete xmlns='urn:xmpp:tmp:archive'
with='juliet@capulet.com/chamber'
start='1469-07-23T19:22:31Z'>
<KeyName xmlns='http://www.w3.org/2000/09/xmldsig#'>romeoPublicKey1fingerprint</KeyName>
</delete>
</iq>
.
[49 more delete requests]
.
]]></example>
</section2>
</section1>
<section1 topic='Determining Server Support' anchor='disco'>
<p>A client discovers whether its server supports this protocol using &xep0030;.</p>
<example caption='Client Service Discovery request'>
@ -1403,7 +1061,7 @@
<query xmlns='http://jabber.org/protocol/disco#info'/>
</iq>
]]></example>
<p>For each feature defined herein, if the server supports that feature it MUST return a &lt;feature/&gt; element with the 'var' attribute set to 'urn:xmpp:tmp:archive:name' &NSNOTE;, where 'name' is 'auto' for the <link url='#auto'>Automatic Archiving</link> feature, 'encrypt' for the <em>server-side</em> encryption feature (see <link url='#auto'>Automatic Archiving</link>), 'manage' for the <link url='#manage'>Archive Management</link> feature, 'manual' for the <link url='#manual'>Manual Archiving</link> feature, and 'pref' for the <link url='#pref'>Archiving Preferences</link> feature.</p>
<p>For each feature defined herein, if the server supports that feature it MUST return a &lt;feature/&gt; element with the 'var' attribute set to 'urn:xmpp:tmp:archive:name' &NSNOTE;, where 'name' is 'auto' for the <link url='#auto'>Automatic Archiving</link> feature, 'manage' for the <link url='#manage'>Archive Management</link> feature, 'manual' for the <link url='#manual'>Manual Archiving</link> feature, and 'pref' for the <link url='#pref'>Archiving Preferences</link> feature.</p>
<example caption='Server Service Discovery response'>
<![CDATA[
<iq from='montague.net'
@ -1414,7 +1072,6 @@
...
<feature var='urn:xmpp:tmp:archive'/>
<feature var='urn:xmpp:tmp:archive:auto'/>
<feature var='urn:xmpp:tmp:archive:encrypt'/>
<feature var='urn:xmpp:tmp:archive:manage'/>
<feature var='urn:xmpp:tmp:archive:manual'/>
<feature var='urn:xmpp:tmp:archive:pref'/>
@ -1454,9 +1111,6 @@
<p>If automatic archiving defaults to enabled then that creates serious privacy issues for users of legacy clients that do not support this protocol, and (more seriously) for those contacts who they unwittingly mislead by agreeing to disable logging (via the 'logging' field defined in &xep0155;).</p>
<p>If a server deployment enables automatic archiving by default, then it MUST return a stream feature containing an empty &lt;default/&gt; element (see the <link url='#streamfeature'>Stream Feature</link> section of this document).</p>
</section2>
<section2 topic='Plain Text Subject' anchor='security-encrypt'>
<p>Since the subject of each collection will not be encrypted, the client MUST warn its human user (if any) before including 'subject' attributes on encrypted collections.</p>
</section2>
<section2 topic='Store Headers' anchor='security-store'>
<p>The client that originates a message MAY specify a 'false' value for the 'store' header (see &xep0131;). The recipient MUST NOT archive such a message or any of the information it contains.</p>
<p>If the sender plans to use 'store' headers it MUST use Service Discovery to determine whether or not the recipient supports them. Note: Since servers are not required to check the content of message stanzas for headers, if the recipient is using automatic archiving then it MUST indicate that it does not support 'store' headers.</p>
@ -1476,7 +1130,6 @@
<p>The XMPP Registrar shall include the following features in its registry of service discovery features (see &DISCOFEATURES;), where the string "urn:xmpp:tmp:archive" shall be replaced with the URN issued by the XMPP Registrar:</p>
<ul>
<li>urn:xmpp:tmp:archive:auto</li>
<li>urn:xmpp:tmp:archive:encrypt</li>
<li>urn:xmpp:tmp:archive:manage</li>
<li>urn:xmpp:tmp:archive:manual</li>
<li>urn:xmpp:tmp:archive:pref</li>
@ -1527,7 +1180,6 @@
<xs:sequence>
<xs:any processContents='lax' namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
</xs:sequence>
<xs:attribute name='encrypt' type='xs:boolean' use='optional'/>
<xs:attribute name='save' type='xs:boolean' use='required'/>
</xs:complexType>
</xs:element>