Malicious Stanzas

%ents; ]>

Malicious Stanzas This document defines an XMPP protocol extension for flagging malicious stanzas. &LEGALNOTICE; 0076 Active Humorous Standards XMPP Core RFC 3514 evil &stpeter; &hildjj; 1.0 2003-04-01 psa

April Fools!

&rfc3514;, published just today (2003-04-01), defines a mechanism for specifying the "evil bit" in IPv4 in order to determine if a packet was sent with malicious intent. In Section 5 ("Related Work") of that RFC, reference is made to complementary mechanisms for other forms of evil such as IPv6 support and the application/evil MIME type. Because the &XSF; desires to maintain compliance with protocols developed by core Internet standards bodies, the current document defines a complementary mechanism for XMPP support of evil.

There are three basic XMPP stanza types that may be sent within XML streams:

<message/> -- a "push" medium for sending information to other entities.
<presence/> -- a "broadcast" medium for publishing information to entities that have subscribed to an entity's availability status.
<iq/> -- a "request-response" medium for executing basic but structured transactions with other entities.

Any one of the foregoing data elements can be used with malicious intent. Therefore a generalized mechanism is needed. Because XML namespaces are used within XMPP to properly scope data, this document proposes a new namespace ('http://jabber.org/protocol/evil') to implement the desired functionality.

If an evil entity sends an evil message, it MUST include an appropriately namespaced extension in the message stanza:

I told him what I thought, and told no more Than what he found himself was apt and true. ]]>

If an evil entity sends evil presence information, it MUST include an appropriately namespaced extension in the presence stanza:

dnd Fomenting dissension ]]>

If an evil entity provides evil information in an IQ exchange, it MUST include an appropriately namespaced extension in the IQ stanza:

Stabber 666 FiendOS ]]>

Evil entities MUST advertise their support for this protocol in their responses to &xep0030; information ("disco#info") requests by returning a feature of "http://jabber.org/protocol/evil":

]]> ]]>

In order for an application to determine whether an entity supports this protocol, where possible it SHOULD use the dynamic, presence-based profile of service discovery defined in &xep0115;. However, if an application has not received entity capabilities information from an entity, it SHOULD use explicit service discovery instead.

Because the 'http://jabber.org/protocol/evil' namespace flags an XML stanza as malicious, it is critically important that an entity appropriately process an XML stanza that contains the evil extension. Mission-critical applications SHOULD ignore any stanzas tagged with the evil extension. Evil servers MAY pass through evil stanzas unmodified. Really evil servers MAY silently delete the evil extension. Entities that are evil to the core SHOULD support channel-level evil as defined in RFC 3514, since this document defines per-stanza evil only.

This document requires no interaction with &IANA;.

The ®ISTRAR; shall register the 'http://jabber.org/protocol/evil' namespace as a result of this document.