-
Notifications
You must be signed in to change notification settings - Fork 123
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
XEP-0474: Use better value delimiter
- Loading branch information
1 parent
57466f8
commit 69ea3ac
Showing
1 changed file
with
23 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -23,6 +23,16 @@ | |
| <supersededby/> | ||
| <shortname>SSDP</shortname> | ||
| &tmolitor; | ||
| <revision> | ||
| <version>0.4.0</version> | ||
| <date>2025-01-24</date> | ||
| <initials>tm</initials> | ||
| <remark> | ||
| <ul> | ||
| <li>Use better value delimiter</li> | ||
| </ul> | ||
| </remark> | ||
| </revision> | ||
| <revision> | ||
| <version>0.3.1</version> | ||
| <date>2024-09-11</date> | ||
|
|
@@ -155,17 +165,17 @@ | |
| <p>Note: All sorting operations MUST be performed using "i;octet" collation as specified in Section 9.3 of &rfc4790;.</p> | ||
| <ol> | ||
| <li>Initialize an empty ASCII string S</li> | ||
| <li>Sort all server-advertised SASL mechanisms and append them to string S joined by delimiter "," (%x2C)</li> | ||
| <li>If the server used &xep0440; to advertise channel-bindings, append "|" (%x7C) to S</li> | ||
| <li>If the server used &xep0440; to advertise channel-bindings, sort all server-advertised channel-binding types and append them to string S joined by delimiter "," (%x2C)</li> | ||
| <li>Sort all server-advertised SASL mechanisms and append them to string S joined by delimiter %x1E</li> | ||
| <li>If the server used &xep0440; to advertise channel-bindings, append %x1F to S</li> | ||
| <li>If the server used &xep0440; to advertise channel-bindings, sort all server-advertised channel-binding types and append them to string S joined by delimiter %x1E</li> | ||
| <li>Hash S using the same hash mechanism as used for the SCRAM mechanism currently in use and encode the result using base64</li> | ||
| </ol> | ||
| <p>The server then adds the optional attribute "d" with the base64 encoded hash obtained in step 5 to its server-first-message.</p> | ||
| <p>The server then adds the optional attribute "h" with the base64 encoded hash obtained in step 5 to its server-first-message.</p> | ||
| <p>Note: If the server simultaneously advertises SASL1 and SASL2, only the mechanism list of the SASL protocol the client uses for authentication MUST be considered for hashing.</p> | ||
| </section2> | ||
| <section2 topic="Client Verifies The Downgrade Protection Hash" anchor="verification"> | ||
| <p>Upon receiving the server-first-message the client calculates its own base64 encoded hash using the list of SASL mechanisms and channel-binding types the server advertised using SASL1 or SASL2 and &xep0440; by applying the same algorithm as defined in <link url="#hash">Server Sends Downgrade Protection Hash</link>.</p> | ||
| <p>The client then extracts the base64 encoded hash presented by the server in the optional attribute "d" and compares it to its own hash. If the hashes match, the list of SASL mechanisms and channel-binding types has not been changed by an active MITM.</p> | ||
| <p>The client then extracts the base64 encoded hash presented by the server in the optional attribute "h" and compares it to its own hash. If the hashes match, the list of SASL mechanisms and channel-binding types has not been changed by an active MITM.</p> | ||
| <p>If the hashes do not match, the client MUST fail the authentication. It MAY additionally show a user-facing warning message about an active MITM. If the hashes match, an attacker could still have manipulated them. If so, the server will always fail the authentication according to &rfc5802; because the client-proof will not be based upon the correct SSDP value.</p> | ||
| </section2> | ||
| <section2 topic="Full Example" anchor="example"> | ||
|
|
@@ -226,36 +236,37 @@ | |
| <!-- | ||
| SCRAM-SHA-1-PLUS challenge issued by the server as defined in RFC 5802 | ||
| including the base64 encoded SHA-1 hash of the mechanism and channel-binding lists. | ||
| Attribute "d" contains base64 encoded SHA-1 hash of 'SCRAM-SHA-1,SCRAM-SHA-1-PLUS|tls-exporter,tls-server-end-point' | ||
| Base64 of: 'r=12C4CD5C-E38E-4A98-8F6D-15C38F51CCC6a09117a6-ac50-4f2f-93f1-93799c2bddf6,s=QSXCR+Q6sek8bf92,i=4096,d=dRc3RenuSY9ypgPpERowoaySQZY=' | ||
| Attribute "h" contains base64 encoded SHA-1 hash of 'SCRAM-SHA-1\x1eSCRAM-SHA-1-PLUS\x1ftls-exporter\x1etls-server-end-point' | ||
| Base64 of: 'r=12C4CD5C-E38E-4A98-8F6D-15C38F51CCC6a09117a6-ac50-4f2f-93f1-93799c2bddf6,s=QSXCR+Q6sek8bf92,i=4096,h=G6k/rBLDqgOhRRaCuuatSDFkJ08=' | ||
| --> | ||
| <challenge xmlns='urn:xmpp:sasl:2'> | ||
| cj0xMkM0Q0Q1Qy1FMzhFLTRBOTgtOEY2RC0xNUMzOEY1MUNDQzZhMDkxMTdhNi1hYzUwLTRmMmYtOTNmMS05Mzc5OWMyYmRkZjYscz1RU1hDUitRNnNlazhiZjkyLGk9NDA5NixkPWRSYzNSZW51U1k5eXBnUHBFUm93b2F5U1FaWT0= | ||
| cj0xMkM0Q0Q1Qy1FMzhFLTRBOTgtOEY2RC0xNUMzOEY1MUNDQzZhMDkxMTdhNi1hYzUwLTRmMmYtOTNmMS05Mzc5OWMyYmRkZjYscz1RU1hDUitRNnNlazhiZjkyLGk9NDA5NixoPUc2ay9yQkxEcWdPaFJSYUN1dWF0U0RGa0owOD0= | ||
| </challenge> | ||
| <!-- | ||
| The client responds with the base64 encoded SCRAM-SHA-1-PLUS client-final-message (password: 'pencil') | ||
| The c-attribute contains the GS2-header and channel-binding data blob as defined in RFC 5802. | ||
| Base64 of: 'c=cD10bHMtZXhwb3J0ZXIsLFRISVMgSVMgRkFLRSBDQiBEQVRB,r=12C4CD5C-E38E-4A98-8F6D-15C38F51CCC6a09117a6-ac50-4f2f-93f1-93799c2bddf6,p=YrZgr+FXrBmtcPY6weDLAFcSb9k=' | ||
| Base64 of: 'c=cD10bHMtZXhwb3J0ZXIsLFRISVMgSVMgRkFLRSBDQiBEQVRB,r=12C4CD5C-E38E-4A98-8F6D-15C38F51CCC6a09117a6-ac50-4f2f-93f1-93799c2bddf6,x=19C6532F-1CF4-4A27-A18D-DC9CEA41BBB3,p=M/SIDjT+dfcxUh89jZEypRvFxB4=' | ||
| --> | ||
| <response xmlns='urn:xmpp:sasl:2'> | ||
| Yz1jRDEwYkhNdFpYaHdiM0owWlhJc0xGUklTVk1nU1ZNZ1JrRkxSU0JEUWlCRVFWUkIscj0xMkM0Q0Q1Qy1FMzhFLTRBOTgtOEY2RC0xNUMzOEY1MUNDQzZhMDkxMTdhNi1hYzUwLTRmMmYtOTNmMS05Mzc5OWMyYmRkZjYscD1ZclpncitGWHJCbXRjUFk2d2VETEFGY1NiOWs9 | ||
| Yz1jRDEwYkhNdFpYaHdiM0owWlhJc0xGUklTVk1nU1ZNZ1JrRkxSU0JEUWlCRVFWUkIscj0xMkM0Q0Q1Qy1FMzhFLTRBOTgtOEY2RC0xNUMzOEY1MUNDQzZhMDkxMTdhNi1hYzUwLTRmMmYtOTNmMS05Mzc5OWMyYmRkZjYseD0xOUM2NTMyRi0xQ0Y0LTRBMjctQTE4RC1EQzlDRUE0MUJCQjMscD1NL1NJRGpUK2RmY3hVaDg5alpFeXBSdkZ4QjQ9 | ||
| </response> | ||
| <!-- | ||
| The server accepted this authentication, no tampering with the advertised SASL mechanisms or channel-bindings was detected. | ||
| --> | ||
| <success xmlns='urn:xmpp:sasl:2'> | ||
| <!-- Base64 of: 'v=bWt5Od0DkLlIvhb4BDO8kzkx0LM=' --> | ||
| <!-- Base64 of: 'v=MQrMPvv7yv4x4Cq4W4Ih25EqS2c=' --> | ||
| <additional-data> | ||
| dj1iV3Q1T2QwRGtMbEl2aGI0QkRPOGt6a3gwTE09 | ||
| dj1NUXJNUHZ2N3l2NHg0Q3E0VzRJaDI1RXFTMmM9 | ||
| </additional-data> | ||
| <authorization-identifier>[email protected]</authorization-identifier> | ||
| </success>]]></example> | ||
| </section2> | ||
| </section1> | ||
| <section1 topic='Security Considerations' anchor='security'> | ||
| <p>Using SCRAM attributes makes them part of the HMAC signatures used in the SCRAM protocol flow efficiently protecting them against any MITM attacker not knowing the password used.</p> | ||
| <p>The delimiters %x1E and %x1F were chosen because they are invalid in &w3xml; which is used by &rfc6120;. This decision MUST be revisited when the XML standard is ever upgraded!</p> | ||
| </section1> | ||
| <section1 topic='IETF Interaction' anchor='ietf'> | ||
| <p>This protocol shall be superseded by any IETF RFC providing some or all of the functionality provided by this specification. If such a specification exists implementations SHOULD NOT implement this XEP and SHOULD implement the superseding RFC instead.</p> | ||
|
|
||