117 lines
5.6 KiB

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE xep SYSTEM 'xep.dtd' [
<!ENTITY % ents SYSTEM 'xep.ent'>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<title>Malicious Stanzas</title>
<abstract>This document defines an XMPP protocol extension for flagging malicious stanzas.</abstract>
<spec>XMPP Core</spec>
<spec>RFC 3514</spec>
<remark><p>April Fools!</p></remark>
<section1 topic='Introduction'>
<p>&rfc3514;, published just today (2003-04-01), defines a mechanism for specifying the "evil bit" in IPv4 in order to determine if a packet was sent with malicious intent. In Section 5 ("Related Work") of that RFC, reference is made to complementary mechanisms for other forms of evil such as IPv6 support and the application/evil MIME type. Because the &XSF; desires to maintain compliance with protocols developed by core Internet standards bodies, the current document defines a complementary mechanism for XMPP support of evil.</p>
<section1 topic='Requirements and Approach'>
<p>There are three basic XMPP stanza types that may be sent within XML streams:</p>
<li>&lt;message/&gt; -- a "push" medium for sending information to other entities.</li>
<li>&lt;presence/&gt; -- a "broadcast" medium for publishing information to entities that have subscribed to an entity's availability status.</li>
<li>&lt;iq/&gt; -- a "request-response" medium for executing basic but structured transactions with other entities.</li>
<p>Any one of the foregoing data elements can be used with malicious intent. Therefore a generalized mechanism is needed. Because XML namespaces are used within XMPP to properly scope data, this document proposes a new namespace ('http://jabber.org/protocol/evil') to implement the desired functionality.</p>
<section1 topic='Use Cases'>
<section2 topic='Evil Messages'>
<p>If an evil entity sends an evil message, it MUST include an appropriately namespaced extension in the message stanza:</p>
<example caption='Evil Entity Sends Evil Message'><![CDATA[
I told him what I thought, and told no more
Than what he found himself was apt and true.
<evil xmlns='http://jabber.org/protocol/evil'/>
<section2 topic='Evil Presence'>
<p>If an evil entity sends evil presence information, it MUST include an appropriately namespaced extension in the presence stanza:</p>
<example caption='Evil Entity Sends Evil Presence'><![CDATA[
<presence from='iago@shakespeare.lit/pda'>
<status>Fomenting dissension</status>
<evil xmlns='http://jabber.org/protocol/evil'/>
<section2 topic='Evil IQs'>
<p>If an evil entity provides evil information in an IQ exchange, it MUST include an appropriately namespaced extension in the IQ stanza:</p>
<example caption='Evil Entity Sends Evil Message'><![CDATA[
<iq from='iago@shakespeare.lit/pda'
<query xmlns='jabber:iq:version'>
<evil xmlns='http://jabber.org/protocol/evil'/>
<section1 topic='Determining Support' anchor='disco'>
<p>Evil entities MUST advertise their support for this protocol in their responses to &xep0030; information ("disco#info") requests by returning a feature of "http://jabber.org/protocol/evil":</p>
<example caption='A disco#info query'><![CDATA[
<iq from='emilia@shakespeare.lit/mobile'
<query xmlns='http://jabber.org/protocol/disco#info'/>
<example caption='A disco#info response'><![CDATA[
<iq from='iago@shakespeare.lit/pda'
<query xmlns='http://jabber.org/protocol/disco#info'>
<feature var='http://jabber.org/protocol/evil'/>
<p>In order for an application to determine whether an entity supports this protocol, where possible it SHOULD use the dynamic, presence-based profile of service discovery defined in &xep0115;. However, if an application has not received entity capabilities information from an entity, it SHOULD use explicit service discovery instead.</p>
<section1 topic='Security Considerations'>
<p>Because the 'http://jabber.org/protocol/evil' namespace flags an XML stanza as malicious, it is critically important that an entity appropriately process an XML stanza that contains the evil extension. Mission-critical applications SHOULD ignore any stanzas tagged with the evil extension. Evil servers MAY pass through evil stanzas unmodified. Really evil servers MAY silently delete the evil extension. Entities that are evil to the core SHOULD support channel-level evil as defined in RFC 3514, since this document defines per-stanza evil only.</p>
<section1 topic='IANA Considerations'>
<p>This document requires no interaction with &IANA;.</p>
<section1 topic='XMPP Registrar Considerations'>
<p>The &REGISTRAR; shall register the 'http://jabber.org/protocol/evil' namespace as a result of this document.</p>