mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-21 08:45:04 -05:00
98 lines
3.6 KiB
XML
98 lines
3.6 KiB
XML
<?xml version='1.0' encoding='UTF-8'?>
|
|
<!DOCTYPE xep SYSTEM 'xep.dtd' [
|
|
<!ENTITY % ents SYSTEM 'xep.ent'>
|
|
<!ENTITY otr3 "<span class='ref'><link url='https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html'>Off-the-Record Messaging Protocol version 3</link></span> <note>Off-the-Record Messaging Protocol (OTR) version 3 <<link url='https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html'>https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html</link>> (Accessed 2015-08-30).</note>" >
|
|
%ents;
|
|
]>
|
|
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
|
|
<xep>
|
|
<header>
|
|
<title>OTR Discovery</title>
|
|
<abstract>
|
|
This document provides a mechanism by which OTR encryption support can be
|
|
discovered in XMPP, without relying on OTRs protocol agnostic discovery
|
|
mechanism.
|
|
</abstract>
|
|
&LEGALNOTICE;
|
|
<number>0378</number>
|
|
<status>Experimental</status>
|
|
<type>Standards Track</type>
|
|
<sig>Standards</sig>
|
|
<approver>Council</approver>
|
|
<dependencies>
|
|
<spec>XMPP Core</spec>
|
|
<spec>XEP-0030</spec>
|
|
</dependencies>
|
|
<supersedes/>
|
|
<supersededby/>
|
|
<shortname>OTR-DISCO</shortname>
|
|
&sam;
|
|
<revision>
|
|
<version>0.0.1</version>
|
|
<date>2016-07-15</date>
|
|
<initials>ssw</initials>
|
|
<remark><p>Initial version approved by the Council.</p></remark>
|
|
</revision>
|
|
</header>
|
|
<section1 topic='Introduction' anchor='intro'>
|
|
<p>
|
|
The Off-the-Record messaging protocol (OTR) is widely layered on top of
|
|
XMPP to provide end-to-end encryption. Current use of the protocol is
|
|
described in &xep0364;. OTR provides its own discovery mechanism in which
|
|
it sends messages with special whitespace characters to indicate support.
|
|
While this works when initializing a session, there is no way to query a
|
|
client for support and to know in advance that a particular version of
|
|
OTR is supported. This specification aims to solve that by providing an
|
|
in-band mechanism for discovering OTR support in XMPP.
|
|
</p>
|
|
<p>
|
|
It should be noted that newer, more secure encryption protocols exist for
|
|
XMPP, and that new implementations of OTR are discouraged. This protocol
|
|
is primarily intended to solve issues with existing implementations of
|
|
OTR.
|
|
</p>
|
|
</section1>
|
|
<section1 topic='Discovering support' anchor='disco'>
|
|
<p>
|
|
If an entity supports OTR it MUST advertise the fact by returning a
|
|
feature of 'urn:xmpp:otr:0' &VNOTE; in response to a &xep0030; information
|
|
request. This indicates support for OTRv3 as defined by &otr3;.
|
|
</p>
|
|
<example caption='Disco response'><![CDATA[
|
|
<feature var='urn:xmpp:otr:0' />]]></example>
|
|
<p>
|
|
If older versions of OTR are required, they may be discovered out of band
|
|
using OTRs built in mechanism which is beyond the scope of this document.
|
|
</p>
|
|
</section1>
|
|
<section1 topic='Security Considerations' anchor='security'>
|
|
<p>
|
|
Because OTR support is advertised outside of any end-to-end encrypted
|
|
stream, it may be subject to downgrade attacks (eg. the server operator
|
|
may remove OTR from the features list).
|
|
</p>
|
|
</section1>
|
|
<section1 topic='IANA Considerations' anchor='iana'>
|
|
<p>
|
|
This document requires no interaction with the Internet Assigned Numbers
|
|
Authority (IANA).
|
|
</p>
|
|
</section1>
|
|
<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
|
|
<p>This specification defines the following XML namespaces:</p>
|
|
<ul>
|
|
<li>urn:xmpp:otr:0</li>
|
|
</ul>
|
|
<p>
|
|
The ®ISTRAR; shall include the foregoing namespaces in its disco
|
|
features registry as defined in &xep0030;.
|
|
</p>
|
|
<code caption='Registry Submission'><![CDATA[
|
|
<var>
|
|
<name>urn:xmpp:otr:0</name>
|
|
<desc>Indicates support for Off-the-Record Messaging (OTR) version 3</desc>
|
|
<doc>XEP-0378</doc>
|
|
</var>]]></code>
|
|
</section1>
|
|
</xep>
|