5 Feb
2025
5 Feb
'25
11:23 a.m.
On 13/01/2025 12.50, Daniel Gultsch wrote:
This message constitutes notice of a Last Call for
comments on
XEP-0484.
Title: Fast Authentication Streamlining Tokens
Abstract:
This specification defines a token-based method to streamline
authentication in XMPP, allowing fully authenticated stream
establishment within a single round-trip.
URL: https://xmpp.org/extensions/xep-0484.html
This Last Call begins today and shall end at the close of business on
2025-01-27.
Please consider the following questions during this Last Call and send
your feedback to the standards(a)xmpp.org discussion list:
1. Is this specification needed to fill gaps in the XMPP protocol
stack or to clarify an existing protocol?
Yep.
2. Does the specification solve the problem stated in
the introduction
and requirements?
Si!
3. Do you plan to implement this specification in your
code? If not,
why not?
Unfortunately, the time I can dedicate to voluntary XMPP development has
become scarce. I hope the situation will change again.
4. Do you have any security concerns related to this
specification?
The XEP states that the 'count' attribute protects against replay
attacks if TLS' 0-RTT data is used. I am not sure if this is true. An
attacker could take the original 0-RTT package from the wire and replay
it against the server. How does 'count' help here?
What is essential is that 0-RTT data only contains the authentication
data, but nothing more [1]. If it would contain, for example, also a
correctly pipelined <message/>, then an attacker could potentially
replay the 0-RTT data and cause the server to send the message.
Further remarks:
Shouldn't token invalidation be possible without having to go through a
SASL authentication? I am at a kiosk browser and hit the 'logout'
button. Now the browser first has to disconnect and reconnect to
invalidate the token?
Same for token rotation: what if a client has a long-lasting connection.
Wouldn't it be good to be able to rotate the token without having to
re-connect? Why not have the server simply push a new token to the
client if the current one approaches its expiry date?
- Flow
1: See also the relevant paragraph about 0-RTT in
https://datatracker.ietf.org/doc/html/draft-schmaus-kitten-sasl-ht-10#name-…