Re: [xmpp] IQ Handling vulnerabilities

Thijs Alkemade <thijs@xnyhps.nl> Fri, 07 February 2014 10:47 UTC

Return-Path: <thijs@xnyhps.nl>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48F111A020B for <xmpp@ietfa.amsl.com>; Fri, 7 Feb 2014 02:47:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.44
X-Spam-Level:
X-Spam-Status: No, score=-0.44 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, RP_MATCHES_RCVD=-0.535] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dw3qGZs5AvW0 for <xmpp@ietfa.amsl.com>; Fri, 7 Feb 2014 02:47:07 -0800 (PST)
Received: from s.xnyhps.nl (s.xnyhps.nl [46.19.32.61]) by ietfa.amsl.com (Postfix) with ESMTP id 6968A1A0033 for <xmpp@ietf.org>; Fri, 7 Feb 2014 02:47:07 -0800 (PST)
Received: from [192.168.1.11] (196pc201.sshunet.nl [145.97.201.196]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by s.xnyhps.nl (Postfix) with ESMTPSA id 6D78E20AE8; Fri, 7 Feb 2014 11:46:57 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=xnyhps.nl; s=mail; t=1391770017; bh=xGShtPzAHB15O3jTybPxwGA9J2HhYF8gVPay1THR6iY=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=j9+aPmQJUd3IGNYhC9tTTkq2cJSfoQQV3zCNl02r0NX0MwAEDI1As75i618xb4fiC PEsejTyB5ZK92TJHqEL1T+H41CkaWG7KfxDLz71MoKhZ8h5fR0yp/xgt6+fyXGaY+K 3/4xVQcP0qgSwmpq4j9n2byYyewvIXk168M9ffZ4=
Content-Type: multipart/signed; boundary="Apple-Mail=_5745AD70-9C7B-4CCE-9539-679BED716C1B"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Thijs Alkemade <thijs@xnyhps.nl>
In-Reply-To: <2F5E925F-021D-408E-91D9-3CC5BEB6BEC6@nostrum.com>
Date: Fri, 7 Feb 2014 11:46:55 +0100
Message-Id: <48F4D361-4403-47E6-862D-FBDDDEBCC642@xnyhps.nl>
References: <CAOb_FnxS-dMT85N7LHj5M9JWk3pL85=ugrDqaT7j5d28HBr0Cw@mail.gmail.com> <CF194491.38AD3%jhildebr@cisco.com> <2F5E925F-021D-408E-91D9-3CC5BEB6BEC6@nostrum.com>
To: Ben Campbell <ben@nostrum.com>
X-Mailer: Apple Mail (2.1827)
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] IQ Handling vulnerabilities
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2014 10:47:09 -0000

On 6 feb. 2014, at 23:30, Peter Saint-Andre <stpeter@stpeter.im> wrote:

>>> b) Use predictably generated ids for stanzas (ill-advised, but not
>>> strictly wrong)
>> 
>> We need to fix the advice given in
>> http://xmpp.org/rfcs/rfc6120.html#stanzas-attributes-id
> 
> Yes, that too - probably we'd want to say that 'id' values ought to be random (e.g., UUIDs).

Well, actually...

The property we really want from ids is that predicting the next one(s) given
some historic ones is hard. That is not a guarantee UUIDs give by definition.
The time based UUIDs (version 1) obviously don't have this property, but also
randomly generated UUIDs (version 4) may be generated with any PRNG, even
linear congruential ones. In fact, the Security Considerations of RFC 4122
cover this:

   Do not assume that UUIDs are hard to guess; they should not be used
   as security capabilities (identifiers whose mere possession grants
   access), for example.  A predictable random number source will
   exacerbate the situation.

I'm afraid that suggesting to use UUIDs will cause people to still not check
the 'from' attribute, but to assume their UUIDs are impossible to predict by
others. I think it would be better advise to grab 8 or 16 bytes from a CSPRNG
and hex-encode/base64-encode/SHA1-hash that.

> Who's volunteering to write this up? Maybe Thijs?

Yes, I would be willing to do this.

Thijs