Hello, TL;DR: for implementing Easy Group Chats[0], it would be great to have a secure way to automatically follow invitations from trusted users. While MIX does it right, the situation with MUC isn't as nice and clear. To slightly improve, I would like to mandate MUC mediated invitations to contain the inviter's full JID.
While studying XEP-0045, I've stumbled upon this gem in the "Mediated Invitations" section [1]: | The <room@service> itself MUST then add a 'from' address to the | <invite/> element whose value is the bare JID, full JID, or occupant JID | of the inviter [...] From a security perspective, all three have their shortcomings (which reflect different trade-offs): - bare JID / full JID: expose the sender's JID to the receiver, possibly violating a (semi)anonymous room's privacy expectations. - occupant JID: makes it impossible to verify the sender. As part of Easy Group Chats, a client SHOULD follow an invitation to an ad-hoc MUC from a trusted sender (i.e. roster member). In the former case (full/bare JID), the sender's JID is forwarded by the MUC. However, as the MUC is outside of the user's security domain, a malicious MUC could fake the 'from' address, setting it to at least the bare JID of a known contact of the victim, and make a client auto-join an untrusted MUC. In the latter case (occupant JID), the invited client has no way to verify the identity of the inviter, thus being unable to follow the invitation automatically. In either case, there is no way for a client to specify which JID to add into the mediated invitation, and direct invitations (XEP-0249) don't create the affiliation required in a private MUC. Are there any real-world use cases (or implementations) that use bare JID or occupant JID in mediated invitations? If no, I would like to mandate in XEP-0045 that the full JID has to be used, thus allowing the invitee to verify the sender (see if they have a presence from the claimed JID), and to auto-join in a secure fashion. Georg [0] https://wiki.xmpp.org/web/Easy_Group_Chats [1] http://xmpp.org/extensions/xep-0045.html#invite-mediated -- || http://op-co.de ++ GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N ++ || gpg: 0x962FD2DE || o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+ || || Ge0rG: euIRCnet || X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y? || ++ IRCnet OFTC OPN ||_________________________________________________||
signature.asc
Description: Digital signature
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
