[Standards] XEP-0374: How to handle conflicting stanza elements?
daniel at gultsch.de
Fri Dec 8 19:29:21 UTC 2017
XEP-0374 states that »The child elements of the OpenPGP content
element's <payload/> can be seen as stanza extension elements which
are encrypted and signed. After the <openpgp/> element and the
including <signcrypt/>, element was verified, they SHOULD be processed
similar as if they had been direct extension elements of the stanza.«
My interpretation is that this means that both! the regular stanza
elements as well as the encrypted stanza elements will be processed.
How do we make sure that they are not in conflict to each other; and
or the 'outer' stanza elements can be used to manipulate the inner
A quick example from the top of my head; What if an attacker sneaks in
a <replaced id="some-previous-id"/> in the 'outer'/unecrypted stanza.
Or what if the outer as well as the inner stanza contain an origin-id.
Which one counts? Do the inner elements always overwrite the outer?
Should I not process any of the outer elements at all? What about a
stanza-id in the outer part?
What about SIMS and other message references in the outer stanza? I
think one can find a lot of XEPs, which, included in the outer stanza
will have some influence on the inner stanza that may or may not be
desirable in a XEP that's about security.
My proposition would be to ignore all outer elements with some very
few white listed exceptions; (like stanza-id). But maybe I'm just
misinterpreting the XEP?
More information about the Standards