Showing
2 changed files
with
188 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
.PHONY: all clean | ||
|
||
# Finde the path to the Makefile, and the path to the directory of the | ||
# Makefile. Credits to http://stackoverflow.com/a/18137056/194894 | ||
MKFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST))) | ||
MKFILE_DIR := $(notdir $(patsubst %/,%,$(dir $(MKFILE_PATH)))) | ||
XEP := $(shell basename $(MKFILE_DIR)) | ||
XEP_XML := $(XEP).xml | ||
FROM_XMPP_GIT := xep.xsl xep.dtd xep.ent xmpp.css prettify.css prettify.js | ||
|
||
ifneq ($(wildcard xep-official.xml),) | ||
OFFICIAL_XEP_FOUND := true | ||
else | ||
OFFICIAL_XEP_FOUND := false | ||
endif | ||
|
||
ifeq ($(OFFICIAL_XEP_FOUND), true) | ||
all: xep-official.html xml-colordiff.html | ||
|
||
XML_DIFF_PREREQUISITES := $(XEP_XML) xep-official.xml | ||
COLORDIFF_PIPE := wdiff -n $(XML_DIFF_PREREQUISITES) |colordiff | ||
.PHONY: xml-colordiff | ||
xml-colordiff: | ||
$(COLORDIFF_PIPE) |less -R | ||
|
||
xml-colordiff.html: $(XML_DIFF_PREREQUISITES) | ||
$(COLORDIFF_PIPE) |aha > $@ | ||
endif | ||
|
||
ifeq (,$(shell which htmldiff 2> /dev/null)) | ||
HTMLDIFF_BINARY_AVAILABLE := false | ||
else | ||
HTMLDIFF_BINARY_AVAILABLE := true | ||
endif | ||
|
||
DIFF_HTML := diff.html diff-side-by-side.html | ||
ifeq (true, $(and $(findstring true, $(HTMLDIFF_BINARY_AVAILABLE)), $(findstring true, $(OFFICIAL_XEP_FOUND)))) | ||
all: $(DIFF_HTML) | ||
endif | ||
|
||
all: $(XEP).html | ||
|
||
xep.xsl: ../xsf-xeps/xep.xsl | ||
cp $^ $@ | ||
|
||
xep.dtd: ../xsf-xeps/xep.dtd | ||
cp $^ $@ | ||
|
||
xep.ent: ../xsf-xeps/xep.ent | ||
cp $^ $@ | ||
|
||
xmpp.css: ../xsf-xeps/xmpp.css | ||
cp $^ $@ | ||
|
||
prettify.css: ../xsf-xeps/prettify.css | ||
cp $^ $@ | ||
|
||
prettify.js: ../xsf-xeps/prettify.js | ||
cp $^ $@ | ||
|
||
%.html: %.xml $(FROM_XMPP_GIT) | ||
xsltproc $^ --output $@ | ||
|
||
COMMON_DIFF_PREREQUISITES := xep-official.html $(XEP).html | ||
|
||
diff.html: $(COMMON_DIFF_PREREQUISITES) | ||
htmldiff -a $^ > $@ | ||
|
||
diff-side-by-side.html: $(COMMON_DIFF_PREREQUISITES) | ||
htmldiff -a -s $^ > $@ | ||
|
||
clean: | ||
rm -f $(XEP).html | ||
rm -f $(FROM_XMPP_GIT) | ||
rm -f $(DIFF_HTML) | ||
rm -f xep-official.html | ||
rm -f xml-colordiff.html |
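Review bot: The `%.html` pattern rule runs `xsltproc $^ --output $@`, which passes every prerequisite (the .dtd, .ent, .css and .js copies as well as the stylesheet) as positional arguments and does nothing to stop xsltproc from fetching DTDs or entities over the network; the same rule also renders xep-official.xml, whose origin this Makefile does not control. Naming the stylesheet and input explicitly and disabling network access would make the rule predictable: `xsltproc --nonet --output $@ xep.xsl $<`. The recipes that redirect into `$@` (xml-colordiff.html, diff.html, diff-side-by-side.html) leave a truncated target that looks up to date when the command fails, so a `.DELETE_ON_ERROR:` line next to `.PHONY` would help. `XEP := $(shell basename $(MKFILE_DIR))` repeats what `$(notdir ...)` already computed and hands the directory name to a shell unquoted; `XEP := $(MKFILE_DIR)` is enough.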
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,111 @@ | ||
<?xml version='1.0' encoding='UTF-8'?> | ||
<!DOCTYPE xep SYSTEM 'xep.dtd' [ | ||
<!ENTITY rfc5056 "<span class='ref'><link url='http://tools.ietf.org/html/rfc5056'>RFC 5056</link></span> <note>RFC 5056: On the Use of Channel Bindings to Secure Channels <<link url='http://tools.ietf.org/html/rfc5056'>http://tools.ietf.org/html/rfc5056</link>>.</note>" > | ||
<!ENTITY iana-cb-types "<span class='ref'><link url='https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml'>IANA Channel-Binding Types Registry</link></span> <note>IANA Channel-Binding Types Registry <<link url='https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml'>https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml</link>>.</note>" > | ||
<!ENTITY % ents SYSTEM 'xep.ent'> | ||
%ents; | ||
]> | ||
<?xml-stylesheet type='text/xsl' href='xep.xsl'?> | ||
<xep> | ||
<header> | ||
<title>SASL Channel-Binding Type Capability</title> | ||
<abstract>This specification provides an example of the format for XMPP Extension Protocols (XEPs).</abstract> | ||
&LEGALNOTICE; | ||
<number>xxxx</number> | ||
<status>ProtoXEP</status> | ||
<type>Standards Track</type> | ||
<sig>Standards</sig> | ||
<approver>Council</approver> | ||
<dependencies> | ||
<spec>XMPP Core</spec> | ||
</dependencies> | ||
<supersedes/> | ||
<supersededby/> | ||
<shortname>sasl-cb-types</shortname> | ||
&flow; | ||
<revision> | ||
<version>0.0.1</version> | ||
<date>2020-05-20</date> | ||
<initials>fs</initials> | ||
<remark><p>First draft.</p></remark> | ||
</revision> | ||
</header> | ||
<section1 topic='Introduction' anchor='intro'> | ||
|
||
<p>SASL channel-binding is a technique to increase the security of | ||
connections (&rfc5056;). Unfortunately, the SASL profile specified | ||
in &rfc6120; lacks a method for the server to announce its supported | ||
channel-binding types. This hinders the adoption of channel-binding, | ||
especially since the error protocol to execute after a client | ||
requested a channel-binding type unsupported by the server is | ||
basically unspecified.</p> | ||
|
||
<p>Hence the extension defined herein fills the gap left by | ||
&rfc6120; by allowing the server the announce its supported | ||
channel-binding types.</p> | ||
|
||
</section1> | ||
|
||
<section1 topic='Announcing the SASL Channel-Binding Type Capability' anchor='sasl-cb-type'> | ||
|
||
<p>This specification extends the SASL 'mechanism' element, | ||
qualified by the 'urn:ietf:params:xml:ns:xmpp-sasl' namespace, by an | ||
optional attribute named 'sasl-channel-binding'. This element | ||
contains one or more 'channel-binding' elements, of which each MUST | ||
have an attribute with the name 'type'. The value of the 'type' | ||
attribute SHOULD be the "Channel-binding unique prefix" of a | ||
channel-binding type registered with the &iana-cb-types;.</p> | ||
|
||
<p>An entity declares that it supports particular channel-binding | ||
types, by listing the channel-binding types via the | ||
'sasl-channel-binding' element defined herein.</p> | ||
|
||
<example caption='Example >mechanisms/< stream feature with SASL Channel-Binding Type Capability.'><![CDATA[ | ||
<stream:features> | ||
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> | ||
<mechanism>EXTERNAL</mechanism> | ||
<mechanism>SCRAM-SHA-1-PLUS</mechanism> | ||
<mechanism>PLAIN</mechanism> | ||
<sasl-channel-binding> | ||
<channel-binding type='tls-server-end-point'/> | ||
<channel-binding type='tls-exporter'/> | ||
</sasl-channel-binding> | ||
</mechanisms> | ||
</stream:features>]]></example> | ||
|
||
</section1> | ||
|
||
<section1 topic='Security Considerations' anchor='security'> | ||
|
||
<p>The author belives that this document itself does not yield any | ||
new security considerations.<note>Hopefully somebody will correct him, in | ||
case he is wrong.</note></p> | ||
|
||
</section1> | ||
|
||
<section1 topic='IANA Considerations' anchor='iana'> | ||
|
||
<p>This document requires no interaction with &IANA;.</p> | ||
|
||
</section1> | ||
|
||
<section1 topic='XMPP Registrar Considerations' anchor='registrar'> | ||
|
||
<p>This document requires no interaction with the XMPP registrar.</p> | ||
|
||
</section1> | ||
|
||
<section1 topic='XML Schema' anchor='schema'> | ||
|
||
<p>TODO: Add if the XEP is scheduled for the state after 'experimental'.</p> | ||
|
||
</section1> | ||
|
||
<section1 topic='Acknowledgements' anchor='acknowledgements'> | ||
|
||
<p>Thanks to Sam Whited for the discussion about the underlying | ||
issue and incentivizing me to come up with this extension.</p> | ||
|
||
</section1> | ||
|
||
</xep> |
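Review bot: The Security Considerations section (anchor 'security') says the document yields no new considerations, but the capability it defines is a server-sent list inside `<stream:features>` that a client would use to choose a channel-binding type, and the text gives no rule for a list that is absent or shorter than expected. Channel binding exists to detect a party interposed on the TLS channel, and the announced list is not itself covered by the binding, so the section should say how clients treat it, for example `<p>Clients MUST NOT fall back to a mechanism without channel binding solely because the 'sasl-channel-binding' list is absent or omits a type.</p>`. Separately, the 'sasl-cb-type' section calls 'sasl-channel-binding' an "optional attribute" of the 'mechanism' element, while the example shows it as a child element of 'mechanisms'; the normative text should match the example. The abstract is still the template placeholder and should describe this extension.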