XEP-0192: Proposed Stream Feature Improvements

Abstract:This document proposes improvements to the XML stream features definition for inclusion in the specification that supersedes RFC 3920.
Author:Peter Saint-Andre
Copyright:© 1999 - 2010 XMPP Standards Foundation. SEE LEGAL NOTICES.
Status:Draft
Type:Standards Track
Version:1.0
Last Updated:2007-01-17

NOTICE: The protocol defined herein is a Draft Standard of the XMPP Standards Foundation. Implementations are encouraged and the protocol is appropriate for deployment in production systems, but some changes to the protocol are possible before it becomes a Final Standard.

Table of Contents


1. Introduction
2. Required Flag
3. Dialback Stream Feature
4. Security Considerations
5. IANA Considerations
6. XMPP Registrar Considerations
    6.1. Stream Features
7. XML Schema
    7.1. SASL Stream Feature
    7.2. Resource Binding Stream Feature
    7.3. Server Dialback Stream Feature
8. Acknowledgements

Appendices
    A: Document Information
    B: Author Information
    C: Legal Notices
    D: Relation to XMPP
    E: Discussion Venue
    F: Requirements Conformance
    G: Notes
    H: Revision History

1. Introduction

Note: This document describes a protocol or best practice that is intended for incorporation into the specification that will supersede RFC 3920 [1] within the Internet Standards Process, i.e., rfc3920bis [2]. This document is provided only for the purpose of open community discussion of the potential modification and will be obsoleted as soon as the relevant RFC is published.

RFC 3920 introduced the concept of stream features. Implementation experience has revealed several shortcomings in the current definition and usage of stream features:

Those shortcomings are addressed in this document, and the recommendations described herein have been incorporated into rfc3920bis.

2. Required Flag

The XMPP stream feature for Transport Layer Security (TLS) includes a <required/> child element that can be used to indicate that negotiation of TLS must be completed before proceeding with the rest of the stream negotiation. However, as defined in RFC 3920 the remaining stream features do not include the ability to flag that negotiation of the feature is required in order to (1) proceed with the negotiation or (2) begin sending XML stanzas. Because the non-TLS features lack a required flag, it is not possible for the initiating entity to know definitively how to proceed at any given stage in the stream negotiation, and the only way for the initiating entity to know whether it may begin sending XML stanzas is to attempt to send them (the receiving entity will return a <not-authorized/> stream error if not all required features have been negotiated). This state of affairs is suboptimal. Therefore, every stream feature must include the ability to flag the feature as required or not required. When the initiating entity receives a stream features element with no features containing a <required/> element, it knows thatt the receiving party will accept XML stanzas over the stream.

The following examples show a possible flow of stream negotiation between a client and a server, using the required flag for all but one of the features and following the order specified in Recommended Order of Stream Feature Negotiation [3]. (This example is more verbose than a typical stream negotiation flow, but is provided here for the sake of completeness.)

Example 1. A stream negotiation


C: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     to='example.com'
     version='1.0'>

S: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     id='c2s_123'
     from='example.com'
     version='1.0'>

S: <stream:features>
     <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
       <required/>
     </starttls>
   </stream:features>

C: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

S: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

[TLS negotiation]

C: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     to='example.com'
     version='1.0'>

S: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     from='example.com'
     id='c2s_234'
     version='1.0'>

S: <stream:features>
     <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
       <mechanism>EXTERNAL</mechanism>
       <mechanism>DIGEST-MD5</mechanism>
       <mechanism>PLAIN</mechanism>
       <required/>
     </mechanisms>
   </stream:features>

C: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
         mechanism='DIGEST-MD5'/>

S: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
     cmVhbG09InNvbWVyZWFsbSIsbm9uY2U9Ik9BNk1HOXRFUUdtMmhoIixxb3A9ImF1dGgi
     LGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNzCg==
   </challenge>

C: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
     dXNlcm5hbWU9InNvbWVub2RlIixyZWFsbT0ic29tZXJlYWxtIixub25jZT0i
     T0E2TUc5dEVRR20yaGgiLGNub25jZT0iT0E2TUhYaDZWcVRyUmsiLG5jPTAw
     MDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InhtcHAvZXhhbXBsZS5jb20i
     LHJlc3BvbnNlPWQzODhkYWQ5MGQ0YmJkNzYwYTE1MjMyMWYyMTQzYWY3LGNo
     YXJzZXQ9dXRmLTgK
   </response>

S: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
     cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZAo=
   </challenge>

C: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

S: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

C: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     to='example.com'
     version='1.0'>

S: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     id='c2s_345'
     from='example.com'
     version='1.0'>

S: <stream:features>
     <compression xmlns='http://jabber.org/features/compress'>
       <method>zlib</method>
       <required/>
     </compression>
   </stream:features>

C: <compress xmlns='http://jabber.org/protocol/compress'>
     <method>zlib</method>
   </compress>

S: <compressed xmlns='http://jabber.org/protocol/compress'/>

C: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     to='example.com'
     version='1.0'>

S: <stream:stream
     xmlns='jabber:client'
     xmlns:stream='http://etherx.jabber.org/streams'
     id='c2s_456'
     from='example.com'
     version='1.0'>

S: <stream:features>
     <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>
       <required/>
     </bind>
   </stream:features>

C: <iq type='set' id='bind_1'>
     <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>
       <resource>someresource</resource>
     </bind>
   </iq>

S: <iq type='result' id='bind_1'>
     <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'>
       <jid>somenode@example.com/someresource</jid>
     </bind>
   </iq>

3. Dialback Stream Feature

As specified in RFC 3920, support for the server dialback protocol is currently adverised through inclusion of a dialback namespace prefix in the stream header:

Example 2. Stream header with dialback namespace advertisement

<stream:stream
    xmlns:stream='http://etherx.jabber.org/streams'
    xmlns='jabber:server'
    xmlns:db='jabber:server:dialback'
    id='s2s_123'>

However, it is not clear if inclusion of the dialback namespace indicates that a server supports the server dialback protocol or that it requires negotiation of server dialback. To make this clear, we define a stream feature for server dialback:

Example 3. Dialback stream feature

<stream:features>
  <dialback xmlns='urn:xmpp:features:dialback'>
    <required/>
  </dialback>
</stream:features>

Consider the following scenario, in which Server1 provides a self-signed certificate. According to Server2's local service policy, it does not consider self-signed certificates to be trustworthy and therefore requires negotiation of server dialback in this case.

Example 4. A stream negotiation with server dialback

S1: <stream:stream
      xmlns='jabber:server'
      xmlns:db='jabber:server:dialback'
      xmlns:stream='http://etherx.jabber.org/streams'
      to='example.com'
      version='1.0'>

S2: <stream:stream
      xmlns='jabber:server'
      xmlns:db='jabber:server:dialback'
      xmlns:stream='http://etherx.jabber.org/streams'
      id='s2s_123'
      from='example.com'
      version='1.0'>

S2: <stream:features>
      <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>
        <required/>
      </starttls>
    </stream:features>

S2: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

[TLS negotiation with self-signed certificate]

S1: <stream:stream
      xmlns='jabber:server'
      xmlns:db='jabber:server:dialback'
      xmlns:stream='http://etherx.jabber.org/streams'
      to='example.com'
      version='1.0'>

S2: <stream:stream
      xmlns='jabber:server'
      xmlns:db='jabber:server:dialback'
      xmlns:stream='http://etherx.jabber.org/streams'
      from='example.com'
      id='c2s_234'
      version='1.0'>

S2: <stream:features>
      <dialback xmlns='urn:xmpp:features:dialback'>
        <required/>
      </dialback>
    </stream:features>

[Dialback negotiation]

4. Security Considerations

The improvements described herein do not introduce any new security concerns above and beyond those defined in RFC 3920.

5. IANA Considerations

No interaction with the Internet Assigned Numbers Authority (IANA) [4] is required as a result of this document.

6. XMPP Registrar Considerations

6.1 Stream Features

The XMPP Registrar [5] includes a dialback stream feature of 'urn:xmpp:features:dialback' in its registry of stream features (see <http://xmpp.org/registrar/stream-features.html>).

The submission is as follows:

<feature>
  <ns>urn:xmpp:features:dialback</ns>
  <name>dialback</name>
  <element>dialback</element>
  <desc>Support for Server Dialback</desc>
  <doc>XEP-0192 (rfc3920bis when published)</doc>
</feature>

7. XML Schema

7.1 SASL Stream Feature

Note: The following provisional schema is intended to replace the existing schema for the SASL stream feature.

<?xml version='1.0' encoding='UTF-8'?>

<xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='urn:ietf:params:xml:ns:xmpp-sasl'
    xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
    elementFormDefault='qualified'>

  <xs:element name='mechanisms'>
    <xs:complexType>
      <xs:sequence>
        <xs:element name='mechanism' 
                    maxOccurs='unbounded'
                    type='xs:string'/>
        <xs:element name='required'
                    minOccurs='0'
                    maxOccurs='1'
                    type='empty'/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>

  <xs:element name='auth'>
    <xs:complexType>
      <xs:simpleContent>
        <xs:extension base='xs:string'>
          <xs:attribute name='mechanism'
                        type='xs:string'
                        use='optional'/>
        </xs:extension>
      </xs:simpleContent>
    </xs:complexType>
  </xs:element>

  <xs:element name='challenge' type='xs:string'/>
  <xs:element name='response' type='xs:string'/>
  <xs:element name='abort' type='empty'/>
  <xs:element name='success' type='empty'/>

  <xs:element name='failure'>
    <xs:complexType>
      <xs:choice minOccurs='0'>
        <xs:element name='aborted' type='empty'/>
        <xs:element name='incorrect-encoding' type='empty'/>
        <xs:element name='invalid-authzid' type='empty'/>
        <xs:element name='invalid-mechanism' type='empty'/>
        <xs:element name='mechanism-too-weak' type='empty'/>
        <xs:element name='not-authorized' type='empty'/>
        <xs:element name='temporary-auth-failure' type='empty'/>
      </xs:choice>
    </xs:complexType>
  </xs:element>

  <xs:simpleType name='empty'>
    <xs:restriction base='xs:string'>
      <xs:enumeration value=''/>
    </xs:restriction>
  </xs:simpleType>

</xs:schema>

7.2 Resource Binding Stream Feature

Note: The following provisional schema is intended to replace the existing schema for the Resource Binding stream feature.

<?xml version='1.0' encoding='UTF-8'?>

<xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='urn:ietf:params:xml:ns:xmpp-bind'
    xmlns='urn:ietf:params:xml:ns:xmpp-bind'
    elementFormDefault='qualified'>

  <xs:element name='bind'>
    <xs:complexType>
      <xs:sequence>
        <xs:choice minOccurs='0' maxOccurs='1'>
          <xs:element name='resource' type='resourceType'/>
          <xs:element name='jid' type='fullJIDType'/>
        </xs:choice>
        <xs:element name='required'
                    minOccurs='0'
                    maxOccurs='1'
                    type='empty'/>
        </xs:choice>
      </xs:sequence>
    </xs:complexType>
  </xs:element>

  <xs:simpleType name='resourceType'>
    <xs:restriction base='xs:string'>
      <xs:minLength value='1'/>
      <xs:maxLength value='1023'/>
    </xs:restriction>
  </xs:simpleType>

  <xs:simpleType name='fullJIDType'>
    <xs:restriction base='xs:string'>
      <xs:minLength value='8'/>
      <xs:maxLength value='3071'/>
    </xs:restriction>
  </xs:simpleType>

</xs:schema>

7.3 Server Dialback Stream Feature

Note: The following defines a schema for the proposed Server Dialback stream feature.

<?xml version='1.0' encoding='UTF-8'?>

<xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='urn:xmpp:features:dialback'
    xmlns='urn:xmpp:features:dialback'
    elementFormDefault='qualified'>

  <xs:element name='dialback'>
    <xs:complexType>
      <xs:sequence>
        <xs:element name='required'
                    minOccurs='0'
                    maxOccurs='1'
                    type='empty'/>
      </xs:sequence>
    </xs:complexType>

  <xs:simpleType name='empty'>
    <xs:restriction base='xs:string'>
      <xs:enumeration value=''/>
    </xs:restriction>
  </xs:simpleType>

</xs:schema>

8. Acknowledgements

Thanks to Ralph Meijer and Joe Hildebrand for their comments.

Appendices

Appendix A: Document Information

Series: XEP
Number: 0192
Publisher: XMPP Standards Foundation
Status: Draft
Type: Standards Track
Version: 1.0
Last Updated: 2007-01-17
Approving Body: XMPP Council
Dependencies: XMPP Core
Supersedes: None
Superseded By: None
Short Name: N/A
Source Control: HTML  RSS
This document in other formats: XML  PDF

Appendix B: Author Information

Peter Saint-Andre

Email: stpeter@jabber.org
JabberID: stpeter@jabber.org
URI: https://stpeter.im/

Appendix C: Legal Notices

Copyright

This XMPP Extension Protocol is copyright © 1999 - 2010 by the XMPP Standards Foundation (XSF).

Permissions

Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.

Disclaimer of Warranty

## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. ##

Limitation of Liability

In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.

IPR Conformance

This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which can be found at <http://xmpp.org/extensions/ipr-policy.shtml> or obtained by writing to XMPP Standards Foundation, 1899 Wynkoop Street, Suite 600, Denver, CO 80202 USA).

Appendix D: Relation to XMPP

The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 3920) and XMPP IM (RFC 3921) specifications contributed by the XMPP Standards Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.

Appendix E: Discussion Venue

The primary venue for discussion of XMPP Extension Protocols is the <standards@xmpp.org> discussion list.

Discussion on other xmpp.org discussion lists might also be appropriate; see <http://xmpp.org/about/discuss.shtml> for a complete list.

Errata can be sent to <editor@xmpp.org>.

Appendix F: Requirements Conformance

The following requirements keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".

Appendix G: Notes

1. RFC 3920: Extensible Messaging and Presence Protocol (XMPP): Core <http://tools.ietf.org/html/rfc3920>.

2. rfc3920bis: proposed revisions to Extensible Messaging and Presence Protocol (XMPP): Core <http://tools.ietf.org/html/draft-ietf-xmpp-3920bis>. (work in progress)

3. XEP-0170: Recommended Order of Stream Feature Negotiation <http://xmpp.org/extensions/xep-0170.html>.

4. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols, such as port numbers and URI schemes. For further information, see <http://www.iana.org/>.

5. The XMPP Registrar maintains a list of reserved protocol namespaces as well as registries of parameters used in the context of XMPP extension protocols approved by the XMPP Standards Foundation. For further information, see <http://xmpp.org/registrar/>.

Appendix H: Revision History

Note: Older versions of this specification might be available at http://xmpp.org/extensions/attic/

Version 1.0 (2007-01-17)

Per a vote of the XMPP Council, advanced specification to Draft; XMPP Registrar assigned urn:xmpp:features:dialback as namespace for dialback stream feature.

(psa)

Version 0.2 (2006-12-20)

Removed session establishment examples and text; specified that namespace for dialback stream feature shall be issued by the XMPP Registrar.

(psa)

Version 0.1 (2006-08-16)

Initial version.

(psa)

Version 0.0.1 (2006-08-10)

First draft.

(psa)

END