<?xml version='1.0' encoding='UTF-8'?> <!DOCTYPE xep SYSTEM 'xep.dtd' [ <!ENTITY % ents SYSTEM 'xep.ent'> %ents; ]> <?xml-stylesheet type='text/xsl' href='xep.xsl'?> <xep> <header> <title>Instant Stream Resumption</title> <abstract>This specification introduces a mechanism for instant stream resumption, based on Stream Management (XEP-0198), allowing XMPP entities to instantaneously resume an XMPP stream.</abstract> <legal> <copyright>This XMPP Extension Protocol is copyright (c) 1999 - 2016 by the XMPP Standards Foundation (XSF).</copyright> <permissions>Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.</permissions> <warranty>## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. In no event shall the XMPP Standards Foundation or the authors of this Specification be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification. ##</warranty> <liability>In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising out of the use or inability to use the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.</liability> <conformance>This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which may be found at <<link url='http://xmpp.org/extensions/ipr-policy.shtml'>http://xmpp.org/extensions/ipr-policy.shtml</link>> or obtained by writing to XSF, P.O. Box 1641, Denver, CO 80201 USA).</conformance> </legal> <number>xxxx</number> <status>ProtoXEP</status> <type>Standards Track</type> <sig>Standards</sig> <approver>Council</approver> <dependencies> <spec>XMPP Core</spec> <spec>XEP-0198</spec> <spec>XEP-0300</spec> </dependencies> <supersedes/> <supersededby/> <shortname>isr</shortname> <author> <firstname>Florian</firstname> <surname>Schmaus</surname> <email>flo@geekplace.eu</email> <jid>flo@geekplace.eu</jid> </author> <revision> <version>0.0.2</version> <date>2016-03-11</date> <initials>fs</initials> <remark><p>Second draft.</p></remark> </revision> <revision> <version>0.0.1</version> <date>2016-02-12</date> <initials>fs</initials> <remark><p>First draft.</p></remark> </revision> </header> <section1 topic='Introduction' anchor='intro'> <p>This XEP specifies an instant stream resumption mechanism based on &xep0198;, allowing XMPP entities to instantaneously resume an XMPP stream. This can be seen as the complementary part to &xep0305; allowing for fast XMPP session (re-)establishment.</p> <p>Compared to the existing stream resumption mechanism of <link url='http://xmpp.org/extensions/xep-0198.html#resumption'><cite>XEP-0198</cite> § 5</link>, the approach defined herein reduces the round trips required to resume a stream to exactly <em>one</em> (besides the round trips required by the TLS handshake). This is achieved by using just a secure key to resume the stream.</p> </section1> <section1 topic='Glossary' anchor='glossary'> <dl> <di> <dt>ISR</dt> <dd>Instant Stream Resumption.</dd> </di> <di> <dt>Instant Stream Resumption Key (ISR Key)</dt> <dd>A key, represented as string, which contains at least 128 bits of entropy generated by a cryptographically secure random number generator.</dd> </di> <di> <dt>TLS</dt> <dd>Transport Layer Security (&rfc5246;).</dd> </di> </dl> </section1> <!-- <section1 topic='Use Cases' anchor='usecases'> <p>STRONGLY RECOMMENDED.</p> </section1> --> <section1 topic='Obtaining a Instant Stream Resumption Key' anchor='obtain'> <p>If an entity supports ISR, then the <enabled/> Nonza<note>XEP-0360: Nonzas (are not Stanzas) <<link url='https://xmpp.org/extensions/xep-0360.html'>https://xmpp.org/extensions/xep-0360.html</link>>.</note>, which is send as positive reply upon a request to enable Stream Management, MUST contain an 'key' attribute qualified by the 'urn:xmpp:isr:0' namespace containing a ISR Key. The Nonza MAY also contain a 'location' attribute qualified by the 'urn:xmpp:isr:0' namespace which specifies the preferred IP address or hostname, and a TCP port number of the host which should be used for instant stream resumption.</p> <example caption='An <enabled/> Nonza with a ISR key'><![CDATA[ <enabled xmlns='urn:xmpp:sm:3' xmlns:isr='urn:xmpp:isr:0' isr:key='a0b9162d-0981-4c7d-9174-1f55aedd1f52'/>]]></example> <example caption='An <enabled/> Nonza with a ISR key and location'><![CDATA[ <enabled xmlns='urn:xmpp:sm:3' xmlns:isr='urn:xmpp:isr:0' isr:key='a0b9162d-0981-4c7d-9174-1f55aedd1f52' isr:location='isr.example.org:5222'/>]]></example> </section1> <section1 topic='Instant Stream Resumption' anchor='isr'> <p>In order to instantaneously resume an XMPP stream the initiating entity, which is either an XMPP client or server, must posses a valid ISR key. After it has obtained the ISR key, using the process described in the previous section, it first determines the host for resumption, and after that, tries to perform the instant stream resumption.</p> <section2 topic='Determing the Host for Resumption' anchor='host'> <p>The lookup mechanism order to determine host candidates for ISR resumption is as follows:</p> <ol> <li>The host provided in the optional 'location' attribute qualified by the 'urn:xmpp:isr:0' namespace found in the <enabled/> element of <cite>XEP-0198</cite> (the "isr:location"). </li> <li>The hosts determined by means of &xep0368;.</li> <li>The host announced in the 'location' attribute of the <enabled/> Nonza defined in <cite>XEP-0198</cite>.</li> <li>Standard host lookup mechanisms.</li> </ol> <p>The host candidates retrieved by those mechanisms SHOULD be tried by the initiating entity in this order.</p> <p>Note that the hosts announced by the 'location' attribute qualified by the 'urn:xmpp:isr:0' namespace MUST be connected to using TLS from the beginning, i.e. <starttls/> MUST NOT be used, instead the TLS handshake is performed right after establishing the connection.</p> <p>This order prefers hosts which allow connections where TLS is enabled from the beginning. This is desirable to reduce the required round trips by skipping the <starttls/> step.</p> </section2> <section2 topic='Performing Instant Stream Resumption' anchor='resume'> <p>After the remote host on which the instant stream resumption should be performed was determined, the initiating entity connects to the host, and establishes TLS by either</p> <ol> <li>establishing a TLS session right away, or</li> <li>performing STARTTLS (&rfc6120; § 5).</li> </ol> <p>Next, the initiating entity sends an XMPP <stream> open element followed by a <instant-resume/> Nonza qualified by the 'urn:xmpp:isr:0' namespace which MUST contain the previous stream identifier, the <cite>XEP-0198</cite> "SM-ID", in the 'previd' attribute, the sequence number of the last by Stream Management handled stanza in the 'h' attribute and the initiator-hmac as value of at least one <hash/> element as specified by &xep0300;, which are put as child elements under the <hmac/> element.</p> <p>The initiator-hmac is defined as follows:</p> <p class='box'> initiator-hamc = Base64(HMAC(key, "Initiator" || tls-server-end-point)) </p> <p>The function defined in &rfc2104; is used to compute the HMAC using the hash algorithm specified in the 'algo' attribute of the <hash/> element as the cryptographic hash function H. The ISR Key is used as key of the HMAC. And the bytewise concatnation of the ASCII String "Initiator" and the bytes from tls-server-end-point, which a TLS Channel Binding defined in &rfc5929; § 4, is used a the HMAC text. The resulting bytes of the HMAC function are encoded using Base64 as defined in &rfc4648; <link url='https://tools.ietf.org/html/rfc4648#section-4'>§ 4</link> and resulting string is used as text value of the <hash/> element.</p> <p>Note that the initiating entity SHOULD pipeline the instant stream resumption request together with then initial <stream> open element. The initiating entity is able to do so since it already knows that the service supports ISR because it announced an ISR key. Servers MUST nevertheless announce that they support ISR by including an <isr/> element qualified by the 'urn:xmpp:isr:0' namespace in their stream features.</p> <example caption='Initiating entity requests instant stream resumption'><![CDATA[ <stream:stream from='juliet@im.example.com' to='im.example.com' version='1.0' xml:lang='en' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'> <inst-resume xmlns='urn:xmpp:isr:0' previd='some-long-sm-id' h='42'> <hmac> <hash xmlns='urn:xmpp:hashes:1' algo='sha256'> initator-hmac </hash> </hmac> </inst-resume>]]></example> <p>ISR MUST only be performed over TLS secured sessions. What follows is that the ISR feature MUST only be announced after STARTTLS has been successfully performed or on streams where TLS was established from the beginning.</p> <section3 topic='Successful Stream Resumption' anchor='isr-success'> <p>On success the server replies with <inst-resumed/> Nonza which MUST contain a <em>new</em> ISR Key found in the 'key' attribute, the sequence number of the last by Stream Mangement handled stanza in the 'h' attribute and the 'responder-hmac' as value of the <hash/> element being a child of the <hamc/> element.</p> <p>The responder-hmac is defined as follows:</p> <p class='box'> responder-hmac = Base64(HMAC(key, "Responder" || tls-server-end-point)) </p> <p>That is, it is the same as the initiator-hamc, but instead of using the ASCII string "Initiator", the ASCII string "Responder" is used.</p> <p>The initiating entity is required to verify the responder-hmac achieve mutual authentication.</p> <example caption='Server acknowledges instant stream resumption'><![CDATA[ <stream:stream from='im.example.com' id='t7AMCin9zjMNwQKDnplntZPIDEI=' to='juliet@im.example.com' version='1.0' xml:lang='en' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'> <stream:features> <isr xmlns='urn:xmpp:isr:0'/> </stream:features> <inst-resumed xmlns='urn:xmpp:isr:0' key='006b1a29-c549-41c7-a12c-2a931822f8c0' h='21'> <hmac> <hash xmlns='urn:xmpp:hashes:1' algo='sha-256'> responder-hmac </hash> </hmac> </inst-resumed>]]></example> <p>After the <inst-resumed/> was received and has been verified both entities MUST consider the resumed stream to be re-established. This includes all previously negotiated stream features like &xep0138;. It does however not include the specific state of the features: For example in case of Stream Compression, the dictionary used by the compression mechanism of the resumed stream MUST NOT be considered to be restored after instant stream resumption.</p> </section3> <section3 topic='Failed Stream Resumptino' anchor='isr-failed'> <p>If the server is unable to resume the stream instantly it MUST reply with a <failed/> Nonza qualified by the 'urn:xmpp:isr:0' namespace.</p> <example caption='Server indicates instant stream resumption failure'><![CDATA[ <failed xmlns='urn:xmpp:isr:0'/>]]></example> <p>The server MAY also include a 'h' attribute in the <failed/> element indicating the number of stanzas it has handled so far.</p> <example caption='Server indicates failure with handled stanzas count'><![CDATA[ <failed xmlns='urn:xmpp:isr:0' h='22'/>]]></example> <p>Instant stream resumption errors SHOULD be considered recoverable, the initiating entity MAY continue with normal session establishment; however, misuse of stream management MAY result in termination of the stream.</p> </section3> </section2> </section1> <section1 topic='Security Considerations' anchor='security'> <p>It is of vital importance that the Instant Stream Resumption Key is generated by a cryptographically secure random generator. See &rfc4086; for more information about Randomness Requirements for Security</p> </section1> <section1 topic='IANA Considerations' anchor='iana'> <p>This document requires no interaction with &IANA;.</p> </section1> <section1 topic='XMPP Registrar Considerations' anchor='registrar'> <p>The ®ISTRAR; includes 'urn:xmpp:isr:0' in its registry of protocol namespaces (see &NAMESPACES;).</p> </section1> <section1 topic='XML Schema' anchor='schema'> <p>TODO: Add after the XEP leaves the 'experimental' state.</p> </section1> <section1 topic='Acknowledgements' anchor='acknowledgements'> <p>Thanks to Jonas Wielicki and Thijs Alkemade for their feedback.</p> </section1> </xep>