XEP-0192: Proposed Stream Feature Improvements

This document proposes improvements to the XML stream features definition for inclusion in the specification that supersedes RFC 3920.

NOTICE: This document is currently within Last Call or under consideration by the XMPP Council for advancement to the next stage in the JSF standards process.

XEP Information

Status: Proposed
Type: Standards Track
Number: 0192
Version: 0.1
Last Updated: 2006-08-16
Publishing Organization: Jabber Software Foundation
Approving Body: XMPP Council
Dependencies: XMPP Core
Supersedes: None
Superseded By: None
Short Name: N/A
Wiki Page: <http://wiki.jabber.org/index.php/Proposed Stream Feature Improvements (XEP-0192)>

Author Information

Peter Saint-Andre

Email: stpeter@jabber.org
JID: stpeter@jabber.org

Legal Notice

This XMPP Extension Protocol is copyright 1999 - 2006 by the Jabber Software Foundation (JSF) and is in full conformance with the JSF's Intellectual Property Rights Policy <http://www.xmpp.org/extensions/ipr-policy.shtml>. This material may be distributed only subject to the terms and conditions set forth in the Creative Commons Attribution License (<http://creativecommons.org/licenses/by/2.5/>).

Discussion Venue

The preferred venue for discussion of this document is the Standards-JIG discussion list: <http://mail.jabber.org/mailman/listinfo/standards-jig>.

Relation to XMPP

The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 3920) and XMPP IM (RFC 3921) specifications contributed by the Jabber Software Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.

Conformance Terms

The following keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".

Table of Contents

1. Introduction
2. Required Flag
3. Dialback Stream Feature
4. Security Considerations
5. IANA Considerations
6. XMPP Registrar Considerations
6.1. Stream Features
7. XML Schema
7.1. SASL Stream Feature
7.2. Resource Binding Stream Feature
7.3. Session Establishment Stream Feature
7.4. Server Dialback Stream Feature
8. Acknowledgements
Notes
Revision History

1. Introduction

Note: This document describes a protocol or best practice that is intended for incorporation into the specification that will supersede RFC 3920 [1] within the Internet Standards Process, i.e., rfc3920bis [2]. This document is provided only for the purpose of open community discussion of the potential modification and will be obsoleted as soon as the relevant RFC is published.

RFC 3920 introduced the concept of stream features. Implementation experience has revealed several shortcomings in the current definition and usage of stream features:

Those shortcomings are addressed in this document, and the recommendations described herein have been incorporated into rfc3920bis.

2. Required Flag

The XMPP stream feature for Transport Layer Security (TLS) includes a <required/> child element that can be used to indicate that negotiation of TLS must be completed before proceeding with the rest of the stream negotiation. However, as defined in RFC 3920 the remaining stream features do not include the ability to flag that negotiation of the feature is required in order either to proceed with the negotiation or to begin sending XML stanzas. Because the non-TLS features lack a required flag, it is not possible for the initiating entity to know definitively how to proceed at any given stage in the stream negotiation, and the only way for the initiating entity to know whether it may begin sending XML stanzas is to attempt to send them (the receiving entity will return a <not-authorized/> stream error if not all required features have been negotiated). This state of affairs is suboptimal. Therefore, we recommend that every stream feature must include the ability to flag the feature as required or not required.

The following examples show a possible flow of stream negotiation between a client and a server, using the required flag for all but one of the features. (This example is more verbose than a typical stream negotiation flow, but is provided here for the sake of completeness.)

Example 1. A stream negotiation


C: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     to='example.com'
     version='1.0'>

S: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     id='c2s_123'
     from='example.com'
     version='1.0'>

S: <stream:features>
     <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
       <required/>
     </starttls>
   </stream:features>

C: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

S: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

[TLS negotiation]

C: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     to='example.com'
     version='1.0'>

S: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     from='example.com'
     id='c2s_234'
     version='1.0'>

S: <stream:features>
     <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
       <mechanism>EXTERNAL</mechanism>
       <mechanism>DIGEST-MD5</mechanism>
       <mechanism>PLAIN</mechanism>
       <required/>
     </mechanisms>
   </stream:features>

C: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
         mechanism='DIGEST-MD5'/>

S: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
     cmVhbG09InNvbWVyZWFsbSIsbm9uY2U9Ik9BNk1HOXRFUUdtMmhoIixxb3A9ImF1dGgi
     LGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNzCg==
   </challenge>

C: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
     dXNlcm5hbWU9InNvbWVub2RlIixyZWFsbT0ic29tZXJlYWxtIixub25jZT0i
     T0E2TUc5dEVRR20yaGgiLGNub25jZT0iT0E2TUhYaDZWcVRyUmsiLG5jPTAw
     MDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InhtcHAvZXhhbXBsZS5jb20i
     LHJlc3BvbnNlPWQzODhkYWQ5MGQ0YmJkNzYwYTE1MjMyMWYyMTQzYWY3LGNo
     YXJzZXQ9dXRmLTgK
   </response>

S: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
     cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZAo=
   </challenge>

C: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

S: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

C: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     to='example.com'
     version='1.0'>

S: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     id='c2s_345'
     from='example.com'
     version='1.0'>

S: <stream:features>
     <compression xmlns='http://jabber.org/features/compress'>
       <method>zlib</method>
       <required/>
     </compression>
   </stream:features>

C: <compress xmlns='http://jabber.org/protocol/compress'>
     <method>zlib</method>
   </compress>

S: <compressed xmlns='http://jabber.org/protocol/compress'/>

C: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     to='example.com'
     version='1.0'>

S: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     id='c2s_456'
     from='example.com'
     version='1.0'>

S: <stream:features>
     <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>
       <required/>
     </bind>
     <session xmlns='urn:ietf:params:xml:ns:xmpp-session'>
       <required/>
     </session>
     <amp xmlns='http://jabber.org/features/amp'/>
   </stream:features>

C: <iq type='set' id='bind_1'>
     <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>
       <resource>someresource</resource>
     </bind>
   </iq>

S: <iq type='result' id='bind_1'>
     <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>
       <jid>somenode@example.com/someresource</jid>
     </bind>
   </iq>

C: <iq to='example.com' type='set' id='sess_1'>
     <session xmlns='urn:ietf:params:xml:ns:xmpp-session'/>
   </iq>

S: <iq from='example.com' type='result' id='sess_1'/>

3. Dialback Stream Feature

As specified in RFC 3920, suupport for the server dialback protocol is currently adverised through inclusion of a dialback namespace prefix in the stream header:

Example 2. Stream header with dialback namespace advertisement


<stream:stream
    xmlns:stream='http://etherx.jabber.org/streams'
    xmlns='jabber:server'
    xmlns:db='jabber:server:dialback'
    id='s2s_123'>

However, it is not clear if inclusion of the dialback namespace indicates that a server supports the server dialback protocol or it if requires negotiation of server dialback. To make this clear, we define a stream feature for server dialback.

Consider the following scenario, in which Server1 provides a self-signed certificate. According to Server2's local service policy, it does not consider self-signed certificates to be trustworthy and therefore requires negotiation of server dialback in this case.

Example 3. A stream negotiation with server dialback


S1: <stream:stream
      xmlns='jabber:server'
      xmlns:db='jabber:server:dialback'
      xmlns:stream='http://etherx.jabber.org/streams'
      to='example.com'
      version='1.0'>

S2: <stream:stream
      xmlns='jabber:server'
      xmlns:db='jabber:server:dialback'
      xmlns:stream='http://etherx.jabber.org/streams'
      id='s2s_123'
      from='example.com'
      version='1.0'>

S2: <stream:features>
      <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
        <required/>
      </starttls>
    </stream:features>

S2: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

[TLS negotiation with self-signed certificate]

S1: <stream:stream
      xmlns='jabber:server'
      xmlns:db='jabber:server:dialback'
      xmlns:stream='http://etherx.jabber.org/streams'
      to='example.com'
      version='1.0'>

S2: <stream:stream
      xmlns='jabber:server'
      xmlns:db='jabber:server:dialback'
      xmlns:stream='http://etherx.jabber.org/streams'
      from='example.com'
      id='c2s_234'
      version='1.0'>

S2: <stream:features>
      <dialback xmlns='http://jabber.org/features/dialback'>
        <required/>
      </dialback>
    </stream:features>

[Dialback negotiation]

4. Security Considerations

The improvements described herein do not introduce any new security concerns above and beyond those defined in RFC 3920.

5. IANA Considerations

No interaction with the Internet Assigned Numbers Authority (IANA) [3] is required as a result of this document.

6. XMPP Registrar Considerations

6.1 Stream Features

The XMPP Registrar [4] shall include 'http://jabber.org/features/dialback' in its registry of stream features.

The submission is as follows:

<feature>
  <ns>http://jabber.org/features/dialback</ns>
  <name>dialback</name>
  <element>dialback</element>
  <desc>Support for Server Dialback</desc>
  <doc>rfc3920bis</doc>
</feature>

7. XML Schema

7.1 SASL Stream Feature

Note: The following provisional schema is intended to replace the existing schema for the SASL stream feature.

<?xml version='1.0' encoding='UTF-8'?>

<xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='urn:ietf:params:xml:ns:xmpp-sasl'
    xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
    elementFormDefault='qualified'>

  <xs:element name='mechanisms'>
    <xs:complexType>
      <xs:sequence>
        <xs:element name='mechanism' 
                    maxOccurs='unbounded'
                    type='xs:string'/>
        <xs:element name='required'
                    minOccurs='0'
                    maxOccurs='1'
                    type='empty'/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>

  <xs:element name='auth'>
    <xs:complexType>
      <xs:simpleContent>
        <xs:extension base='xs:string'>
          <xs:attribute name='mechanism'
                        type='xs:string'
                        use='optional'/>
        </xs:extension>
      </xs:simpleContent>
    </xs:complexType>
  </xs:element>

  <xs:element name='challenge' type='xs:string'/>
  <xs:element name='response' type='xs:string'/>
  <xs:element name='abort' type='empty'/>
  <xs:element name='success' type='empty'/>

  <xs:element name='failure'>
    <xs:complexType>
      <xs:choice minOccurs='0'>
        <xs:element name='aborted' type='empty'/>
        <xs:element name='incorrect-encoding' type='empty'/>
        <xs:element name='invalid-authzid' type='empty'/>
        <xs:element name='invalid-mechanism' type='empty'/>
        <xs:element name='mechanism-too-weak' type='empty'/>
        <xs:element name='not-authorized' type='empty'/>
        <xs:element name='temporary-auth-failure' type='empty'/>
      </xs:choice>
    </xs:complexType>
  </xs:element>

  <xs:simpleType name='empty'>
    <xs:restriction base='xs:string'>
      <xs:enumeration value=''/>
    </xs:restriction>
  </xs:simpleType>

</xs:schema>

7.2 Resource Binding Stream Feature

Note: The following provisional schema is intended to replace the existing schema for the Resource Binding stream feature.

<?xml version='1.0' encoding='UTF-8'?>

<xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='urn:ietf:params:xml:ns:xmpp-bind'
    xmlns='urn:ietf:params:xml:ns:xmpp-bind'
    elementFormDefault='qualified'>

  <xs:element name='bind'>
    <xs:complexType>
      <xs:sequence>
        <xs:choice minOccurs='0' maxOccurs='1'>
          <xs:element name='resource' type='resourceType'/>
          <xs:element name='jid' type='fullJIDType'/>
        </xs:choice>
        <xs:element name='required'
                    minOccurs='0'
                    maxOccurs='1'
                    type='empty'/>
        </xs:choice>
      </xs:sequence>
    </xs:complexType>
  </xs:element>

  <xs:simpleType name='resourceType'>
    <xs:restriction base='xs:string'>
      <xs:minLength value='1'/>
      <xs:maxLength value='1023'/>
    </xs:restriction>
  </xs:simpleType>

  <xs:simpleType name='fullJIDType'>
    <xs:restriction base='xs:string'>
      <xs:minLength value='8'/>
      <xs:maxLength value='3071'/>
    </xs:restriction>
  </xs:simpleType>

</xs:schema>

7.3 Session Establishment Stream Feature

Note: The following provisional schema is intended to replace the existing schema for the Session Establishment stream feature.

<?xml version='1.0' encoding='UTF-8'?>

<xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='urn:ietf:params:xml:ns:xmpp-session'
    xmlns='urn:ietf:params:xml:ns:xmpp-session'
    elementFormDefault='qualified'>

  <xs:element name='session'>
    <xs:complexType>
      <xs:sequence>
        <xs:element name='required'
                    minOccurs='0'
                    maxOccurs='1'
                    type='empty'/>
      </xs:sequence>
    </xs:complexType>

  <xs:simpleType name='empty'>
    <xs:restriction base='xs:string'>
      <xs:enumeration value=''/>
    </xs:restriction>
  </xs:simpleType>

</xs:schema>

7.4 Server Dialback Stream Feature

Note: The following defines a schema for the proposed Server Dialback stream feature.

<?xml version='1.0' encoding='UTF-8'?>

<xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='http://jabber.org/features/dialback'
    xmlns='http://jabber.org/features/dialback'
    elementFormDefault='qualified'>

  <xs:element name='dialback'>
    <xs:complexType>
      <xs:sequence>
        <xs:element name='required'
                    minOccurs='0'
                    maxOccurs='1'
                    type='empty'/>
      </xs:sequence>
    </xs:complexType>

  <xs:simpleType name='empty'>
    <xs:restriction base='xs:string'>
      <xs:enumeration value=''/>
    </xs:restriction>
  </xs:simpleType>

</xs:schema>

8. Acknowledgements

Thanks to Ralph Meijer and Joe Hildebrand for their comments.

Notes

1. RFC 3920: Extensible Messaging and Presence Protocol (XMPP): Core <http://www.ietf.org/rfc/rfc3920.txt>.

2. rfc3921bis: proposed revisions to Extensible Messaging and Presence Protocol (XMPP): Core <http://www.ietf.org/internet-drafts/draft-saintandre-rfc3920bis-00.txt>. (work in progress)

3. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols, such as port numbers and URI schemes. For further information, see <http://www.iana.org/>.

4. The XMPP Registrar maintains a list of reserved protocol namespaces as well as registries of parameters used in the context of XMPP extension protocols approved by the Jabber Software Foundation. For further information, see <http://www.xmpp.org/registrar/>.

Revision History

Version 0.1 (2006-08-16)

Initial version.

(psa)

Version 0.0.1 (2006-08-10)

First draft.

(psa)

END