[standards-jig] NEW: Malicious Stanzas in Jabber (JEP-0076)

David Waite mass at akuma.org
Tue Apr 1 22:12:34 UTC 2003


The idea is that if you are going to send malicious ('evil') data, be it 
malicious content (say, a message containing slander) or a packet which 
is attempting to exploit a flaw in a particular client, you are required 
to flag it as evil so that intermediate routers can apply this flag to 
their filtering rules and prevent that client from receiving the 
message. It is the same general principle as a 'spam' header in email - 
it allows you to filter out unwanted traffic. This particular 
application makes the system as a whole much more secure, since you are 
guaranteed an easy way to identify content which you would not want 
delivered or displayed.

-David Waite

Mattias Campe wrote:

> Peter Saint-Andre wrote:
>
>> Following on the publication of RFC 3514 [1] by the IETF, I have 
>> written a JEP that enables Jabber applications to flag any XML stanza 
>> type (message, presence, or iq) as malicious. The protocol
>> is defined in JEP-0076:
>>
>> http://www.jabber.org/jeps/jep-0076.html
>>
>> As always, feedback is welcome.
>
>
> Maybe strange feedback, but what is actually the purpose of this JEP? 
> Why would clients want to indicate that they are sending malicous 
> XML-data, if they know it, they can as well send the correct XML-data. 
> I'm not in doubt of this JEP :), it's just that I don't get the 
> picture :(.
>
> regards,
> Mattias
>
>
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> http://mailman.jabber.org/listinfo/standards-jig





More information about the Standards mailing list