[xmpp] [Errata Held for Document Update] RFC6121 (5058)
RFC Errata System <rfc-editor@rfc-editor.org> Mon, 10 July 2017 20:30 UTC
To: flo@geekplace.eu, ietf@stpeter.im
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: ben@nostrum.com, iesg@ietf.org, xmpp@ietf.org, rfc-editor@rfc-editor.org
Date: Mon, 10 Jul 2017 13:30:20 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/xmpp/9Llu58CsvPdbFOHSZjqdrzxzl94>

The following errata report has been held for document update
for RFC6121, "Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5058

--------------------------------------
Status: Held for Document Update
Type: Technical

Reported by: Florian Schmaus <flo@geekplace.eu>
Date Reported: 2017-07-02
Held by: Ben Campbell (IESG)

Section: 2.1.6

Original Text
-------------
2.  A receiving client MUST ignore the stanza unless it has no 'from'
    attribute (i.e., implicitly from the bare JID of the user's
    account) or it has a 'from' attribute whose value matches the
    user's bare JID <user@domainpart>.

Corrected Text
--------------
2.  A receiving client MUST ignore the stanza unless it has no 'from'
    attribute (i.e., implicitly from the bare JID of the user's
    account) or it has a 'from' attribute whose value matches either
    the user's bare JID <user@domainpart> or the address of an entity
    authorized performing roster pushes.

Notes
-----
RFC 6121 § 2.1.6 2. specifies that roster pushes have to originate from the "user's account", i.e., no 'from' attribute or 'from' attribute matching the user's bare JID. However, the Security Warning in the same section states that

    ... this specification allows entities other than the user's
    server to maintain roster information, which means that a roster
    push might include a 'from' address other than the bare JID of
    the user's account.  Therefore, the client MUST check the 'from'
    address to verify that the sender of the roster push is
    authorized to update the roster.

which contradicts what is specified in § 2.1.6 2.

Verifier note: This seems more than editorial, and probably needs some discussion about third party authorizations. I will set the status to "Held for Document Update"

--------------------------------------
RFC6121 (draft-ietf-xmpp-3921bis-20)
--------------------------------------
Title               : Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence
Publication Date    : March 2011
Author(s)           : P. Saint-Andre
Category            : PROPOSED STANDARD
Source              : Extensible Messaging and Presence Protocol RAI
Area                : Real-time Applications and Infrastructure
Stream              : IETF
Verifying Party     : IESG
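
The client-side 'from' check discussed in this erratum, written out as an added example (not part of the original message and not code from any XMPP library). The function name, the `authorized` allowlist and the sample JIDs are assumptions; how an entity becomes authorized is not defined on this page, so the allowlist is empty by default, which gives the behaviour of the Original Text. JIDs are compared as exact strings; full JID normalization is out of scope.

```python
import xml.etree.ElementTree as ET

ROSTER_NS = "jabber:iq:roster"


def accept_roster_push(stanza_xml, own_bare_jid, authorized=frozenset()):
    """Return True if the stanza is a roster push the client may process.

    own_bare_jid: the account's bare JID, e.g. "juliet@example.com".
    authorized:   hypothetical allowlist of extra sender addresses
                  (the "Corrected Text" case); empty means RFC text as published.
    """
    iq = ET.fromstring(stanza_xml)
    # A roster push is an <iq type='set'> carrying a jabber:iq:roster <query/>.
    if iq.tag.rpartition("}")[2] != "iq" or iq.get("type") != "set":
        return False
    if iq.find(f"{{{ROSTER_NS}}}query") is None:
        return False

    sender = iq.get("from")
    if sender is None:
        # No 'from': implicitly from the bare JID of the user's account.
        return True
    # Exact match only: a full JID (with /resource) or any other address
    # is ignored unless it was explicitly authorized.
    return sender == own_bare_jid or sender in authorized


def _push(from_attr=None, iq_type="set"):
    """Build a constructed sample stanza for the demonstration below."""
    frm = f" from='{from_attr}'" if from_attr else ""
    return (f"<iq xmlns='jabber:client' id='a1' type='{iq_type}'{frm}>"
            f"<query xmlns='{ROSTER_NS}'>"
            "<item jid='nurse@example.org' subscription='both'/>"
            "</query></iq>")


if __name__ == "__main__":
    me = "juliet@example.com"
    for frm in (None, me, me + "/balcony", "romeo@example.net"):
        print(frm, "->", accept_roster_push(_push(frm), me))
    # Same third-party sender, with and without explicit authorization.
    svc = "roster.example.com"
    print(svc, "->", accept_roster_push(_push(svc), me))
    print(svc, "(authorized) ->", accept_roster_push(_push(svc), me, {svc}))
```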