Re: [xmpp] #56: UUID recommended as server-generated resource

"xmpp issue tracker" <trac@tools.ietf.org> Sun, 27 June 2010 22:22 UTC

Return-Path: <trac@tools.ietf.org>
X-Original-To: xmpp@core3.amsl.com
Delivered-To: xmpp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3839C3A69F7 for <xmpp@core3.amsl.com>; Sun, 27 Jun 2010 15:22:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.444
X-Spam-Level:
X-Spam-Status: No, score=-101.444 tagged_above=-999 required=5 tests=[AWL=-0.844, BAYES_00=-2.599, NO_RELAYS=-0.001, SARE_RAND_1=2, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08+6rzxi5jv1 for <xmpp@core3.amsl.com>; Sun, 27 Jun 2010 15:22:49 -0700 (PDT)
Received: from zinfandel.tools.ietf.org (unknown [IPv6:2001:1890:1112:1::2a]) by core3.amsl.com (Postfix) with ESMTP id 701773A69C8 for <xmpp@ietf.org>; Sun, 27 Jun 2010 15:22:49 -0700 (PDT)
Received: from localhost ([::1] helo=zinfandel.tools.ietf.org) by zinfandel.tools.ietf.org with esmtp (Exim 4.72) (envelope-from <trac@tools.ietf.org>) id 1OT0Ff-0004A5-J9; Sun, 27 Jun 2010 15:22:59 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: xmpp issue tracker <trac@tools.ietf.org>
X-Trac-Version: 0.11.7
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.11.7, by Edgewall Software
To: stpeter@stpeter.im
X-Trac-Project: xmpp
Date: Sun, 27 Jun 2010 22:22:59 -0000
X-URL: http://tools.ietf.org/xmpp/
X-Trac-Ticket-URL: https://trac.tools.ietf.org/wg/xmpp/trac/ticket/56#comment:1
Message-ID: <066.9bd56ae19d51c559dcbba955d1c5f8c5@tools.ietf.org>
References: <057.251d9dcc5af32136dc33459a30884228@tools.ietf.org>
X-Trac-Ticket-ID: 56
In-Reply-To: <057.251d9dcc5af32136dc33459a30884228@tools.ietf.org>
X-SA-Exim-Connect-IP: ::1
X-SA-Exim-Rcpt-To: stpeter@stpeter.im, xmpp@ietf.org
X-SA-Exim-Mail-From: trac@tools.ietf.org
X-SA-Exim-Scanned: No (on zinfandel.tools.ietf.org); SAEximRunCond expanded to false
Cc: xmpp@ietf.org
Subject: Re: [xmpp] #56: UUID recommended as server-generated resource
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.9
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Jun 2010 22:22:50 -0000

#56: UUID recommended as server-generated resource
--------------------------------+-------------------------------------------
 Reporter:  stpeter@…           |        Owner:  stpeter@…         
     Type:  defect              |       Status:  closed            
 Priority:  minor               |    Milestone:                    
Component:  3920bis             |      Version:                    
 Severity:  In WG Last Call     |   Resolution:  fixed             
 Keywords:                      |  
--------------------------------+-------------------------------------------
Changes (by stpeter@…):

  * status:  new => closed
  * resolution:  => fixed


Comment:

 Removed conformance language, as follows:

       Security Note: A resourcepart can be security-critical.  For
       example, if a malicious entity can guess a client's resourcepart
       then it might be able to determine if the client (and therefore
       the controlling principal) is online or offline, thus resulting in
       a presence leak as described under Section 13.10.2.  To prevent
       that possibility, a client can either (1) generate a random
       resourcepart on its own or (2) ask the server to generate a
       resourcepart on its behalf, which MUST be random (see [RANDOM]).
       One method for ensuring that the resourcepart is random is to
       generate a Universally Unique Identifier (UUID) as specified in
       [UUID].

-- 
Ticket URL: <https://trac.tools.ietf.org/wg/xmpp/trac/ticket/56#comment:1>
xmpp <http://tools.ietf.org/xmpp/>