1667   E2E security with clear transfer

Created: 13 Sep 2019

Status: Accepted

Part: Part 8-2 (2018)

Links:

Page: 252

Clause: Annex A.2.2.2

Paragraph:

Issue

Annex A, Table A.1 indicates that use of E2E security is mandatory. In this case we have two options to choose from: clear transfer (not encrypted, but signed PDU) or encrypted transfer (PDU is encrypted and signed). In the case of clear transfer, checking the signature of the PDU cannot be implemented, since the XMPP server(s) used to transfer the message over the network can (and in most cases do) change the layout of the XML text of the PDU. For example, they can change the order of attributes or exchange double for single quotes in attribute values.

Proposal

To make clear transfer work, either:
- add constraints on XMPP servers so that they do not change a single byte in the PDU part
or
- encode the PDU using Base64 and place it as the content of the application data element, as is done in the case of the encrypted PDU

| Discussion | Created | Status |
|---|---|---|
| Review and correct/clarify document text | 07 Nov 23 | Accepted |
| Introducing encoding of PDU using Base64 would create compatibility issues between 8-2 Clients and Servers, as the current normative reference is UTF-8. | 23 Mar 23 | Triage |
| The main problem is exactly caused by the fact that the XMPP server does not understand the content of E2EPdu and does not know that it should not modify a single byte of the message. An XMPP message is encoded in XML, and some alterations are not considered changes (from the XML encoding point of view) and depend on the XML processing library used in a particular implementation. For example, exchanging double for single quotes in attribute values or changing the order of attributes in an XML element does not mean anything from the XML point of view, but will cause a problem in this case. From a technical point of view, the solution of encoding the PDU using Base64 (or something else not affected by the XML parser) is easier to implement, because existing implementations of XMPP servers could be used. | 21 Mar 23 | Triage |
| The E2EPdu (ClearTransfer or EncrTransfer) is forwarded by the XMPP Server. The XMPP server does not modify the content of the E2EPdu, as it does not process / understand the content. Adding in A.2.2.2 that the XMPP servers are not allowed to modify a single byte in the PDU part is of course possible to make sure that the security mechanisms work as specified. | 21 Mar 23 | Triage |
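
The failure described in the issue and the effect of the Base64 proposal can be reproduced in a few lines. This is an added example, not text from the standard or from the discussion above. It assumes HMAC-SHA256 as a stand-in for the PDU signature, hypothetical element names (`message`, `appData`, `pdu`), and models the XMPP server as a parse-and-re-emit step using Python's ElementTree.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # assumption: HMAC-SHA256 stands in for the PDU signature
# Constructed PDU; element and attribute names are hypothetical, not from Part 8-2.
PDU = b"<pdu seq='7' op='read'>payload</pdu>"


def sign(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()


def relay(stanza: bytes) -> bytes:
    """Model a server that parses the stanza and re-emits it with its own XML library.

    Attribute order and quote style change; the XML content does not.
    """
    root = ET.fromstring(stanza)
    for el in root.iter():
        attrs = sorted(el.attrib.items())
        el.attrib.clear()
        el.attrib.update(attrs)
    return ET.tostring(root, encoding="unicode").encode("utf-8")


def same_xml(a: bytes, b: bytes) -> bool:
    """True when both documents parse to the same elements, attributes and text."""
    def flat(doc):
        return [(e.tag, e.attrib, e.text) for e in ET.fromstring(doc).iter()]
    return flat(a) == flat(b)


def deliver(pdu: bytes, wrap_b64: bool) -> bool:
    """Sign the PDU bytes, pass the stanza through relay(), verify on receipt."""
    tag = sign(pdu)
    body = base64.b64encode(pdu) if wrap_b64 else pdu
    received = relay(b"<message><appData>" + body + b"</appData></message>")
    # Receiver takes the bytes between the (hypothetical) appData tags as delivered.
    got = received.split(b"<appData>")[1].split(b"</appData>")[0]
    if wrap_b64:
        got = base64.b64decode(got)
    return hmac.compare_digest(sign(got), tag)


if __name__ == "__main__":
    print("XML-equivalent after relay:", same_xml(PDU, relay(PDU)))
    print("inline PDU verifies:", deliver(PDU, wrap_b64=False))
    print("Base64 PDU verifies:", deliver(PDU, wrap_b64=True))
```

The relayed stanza is equivalent at the XML level, yet the byte-level check on the inline PDU fails, while the Base64-wrapped PDU passes through as opaque character data and still verifies.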

 
