Re: [xmpp] IQ Handling vulnerabilities

Thijs Alkemade <thijs@xnyhps.nl> Mon, 10 February 2014 12:12 UTC

From: Thijs Alkemade <thijs@xnyhps.nl>
Date: Mon, 10 Feb 2014 13:12:27 +0100
To: kevin@kismith.co.uk
Cc: Ben Campbell <ben@nostrum.com>, XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] IQ Handling vulnerabilities

On 9 Feb. 2014, at 23:04, Kevin Smith <kevin@kismith.co.uk> wrote:

> On Sun, Feb 9, 2014 at 7:30 PM, Dave Cridland <dave@cridland.net> wrote:
>> I'd hope Kev's example is way off, though - I suspect that servers ignore
>> the XEP-0199 reply stanza and just look for activity on the socket.
> 
> I would hope so, too - but given some of the things we've seen on the
> client side in the last couple of weeks, I don't think it's
> unreasonable to suspect there might be servers with as severe
> problems. Whether we can find the vulnerabilities or not, though,
> doesn't reduce the need to document the issues, I think.
> 
> /K

I’ve submitted an I-D about this issue here, to help discussion at IETF 89:

http://datatracker.ietf.org/doc/draft-alkemade-xmpp-iq-validation/

Regards,
Thijs