[Standards] Addressing Security Concerns in XEP-0115 Entity Capabilities
jig at monitzer.com
Mon Sep 12 23:26:39 UTC 2011
On Montag, 12. September 2011 at 23:22, Peter Saint-Andre wrote:
> One of the major problems with the current approach is that there's no
> hard border between identities and features, and between features and
> extensions. As a result, malicious software can define certain clever
> identities and features and extensions that bleed over into adjacent
> parts of the input string.
> One way to solve this problem is to define a new algorithm, either in a
> revision to XEP-0115 or in a new spec with a new namespace. To conserve
> space in presence, we'd prefer to avoid a new namespace. So that it is
> possible to continue using the vast majority of existing caps hashes,
> we'd prefer to keep the algorithm the same, if that can be accomplished
> in a secure way.
While your solution is pretty ingenious, it strikes me as a huge workaround, and I wonder whether that's really what you want. Keep in mind that this spec is pretty central to XMPP, so every client has to implement it, and it shouldn't change that often (meaning this will stick around for a decade or more). A consequence of this is that it should be as simple as possible.
The algorithm is already a mess (I know what I'm talking about, I had to implement it a few weeks ago), and this modification makes it even worse.
More information about the Standards