' and
'' lines.
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
-- Looks like a reference, but probably isn't: '3' on line 481
-- Looks like a reference, but probably isn't: '1' on line 1045
** Obsolete normative reference: RFC 3490 (ref. 'IDNA') (Obsoleted by RFC
5890, RFC 5891)
** Obsolete normative reference: RFC 4646 (ref. 'LANGTAGS') (Obsoleted by
RFC 5646)
** Obsolete normative reference: RFC 3491 (ref. 'NAMEPREP') (Obsoleted by
RFC 5891)
** Obsolete normative reference: RFC 3454 (ref. 'STRINGPREP') (Obsoleted by
RFC 7564)
** Obsolete normative reference: RFC 793 (ref. 'TCP') (Obsoleted by RFC
9293)
** Obsolete normative reference: RFC 4346 (ref. 'TLS') (Obsoleted by RFC
5246)
-- Possible downref: Non-RFC (?) normative reference: ref. 'UCS2'
-- Possible downref: Non-RFC (?) normative reference: ref. 'UNICODE'
** Obsolete normative reference: RFC 3280 (ref. 'X509') (Obsoleted by RFC
5280)
-- Possible downref: Non-RFC (?) normative reference: ref. 'XML'
-- Possible downref: Non-RFC (?) normative reference: ref. 'XML-NAMES'
-- Obsolete informational reference (is this intentional?): RFC 2831 (ref.
'DIGEST-MD5') (Obsoleted by RFC 6331)
-- Obsolete informational reference (is this intentional?): RFC 2616 (ref.
'HTTP') (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234,
RFC 7235)
-- Obsolete informational reference (is this intentional?): RFC 3501 (ref.
'IMAP') (Obsoleted by RFC 9051)
-- Obsolete informational reference (is this intentional?): RFC 3920
(Obsoleted by RFC 6120)
-- Obsolete informational reference (is this intentional?): RFC 3921
(Obsoleted by RFC 6121)
-- Obsolete informational reference (is this intentional?): RFC 2821 (ref.
'SMTP') (Obsoleted by RFC 5321)
== Outdated reference: A later version (-08) exists of
draft-saintandre-rfc3921bis-06
Summary: 8 errors (**), 0 flaws (~~), 6 warnings (==), 20 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Network Working Group P. Saint-Andre, Ed.
3 Internet-Draft XMPP Standards Foundation
4 Obsoletes: 3920 (if approved) October 16, 2008
5 Intended status: Standards Track
6 Expires: April 19, 2009
8 Extensible Messaging and Presence Protocol (XMPP): Core
9 draft-saintandre-rfc3920bis-08
11 Status of this Memo
13 By submitting this Internet-Draft, each author represents that any
14 applicable patent or other IPR claims of which he or she is aware
15 have been or will be disclosed, and any of which he or she becomes
16 aware will be disclosed, in accordance with Section 6 of BCP 79.
18 Internet-Drafts are working documents of the Internet Engineering
19 Task Force (IETF), its areas, and its working groups. Note that
20 other groups may also distribute working documents as Internet-
21 Drafts.
23 Internet-Drafts are draft documents valid for a maximum of six months
24 and may be updated, replaced, or obsoleted by other documents at any
25 time. It is inappropriate to use Internet-Drafts as reference
26 material or to cite them other than as "work in progress."
28 The list of current Internet-Drafts can be accessed at
29 http://www.ietf.org/ietf/1id-abstracts.txt.
31 The list of Internet-Draft Shadow Directories can be accessed at
32 http://www.ietf.org/shadow.html.
34 This Internet-Draft will expire on April 19, 2009.
36 Abstract
38 This document defines the core features of the Extensible Messaging
39 and Presence Protocol (XMPP), a technology for streaming Extensible
40 Markup Language (XML) elements for the purpose of exchanging
41 structured information in close to real time between any two or more
42 network-aware entities. XMPP provides a generalized, extensible
43 framework for incrementally exchanging XML data, upon which a variety
44 of applications can be built. The framework includes methods for
45 stream setup and teardown, channel encryption, authentication of a
46 client to a server and of one server to another server, and
47 primitives for push-style messages, publication of network
48 availability information ("presence"), and request-response
49 interactions. This document also specifies the format for XMPP
50 addresses, which are fully internationalizable.
52 This document obsoletes RFC 3920.
54 Table of Contents
56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 9
57 1.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 9
58 1.2. Functional Summary . . . . . . . . . . . . . . . . . . . 10
59 1.3. Conventions . . . . . . . . . . . . . . . . . . . . . . 11
60 1.4. Acknowledgements . . . . . . . . . . . . . . . . . . . . 12
61 1.5. Discussion Venue . . . . . . . . . . . . . . . . . . . . 12
62 2. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 12
63 2.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 12
64 2.2. Server . . . . . . . . . . . . . . . . . . . . . . . . . 13
65 2.3. Client . . . . . . . . . . . . . . . . . . . . . . . . . 13
66 2.4. Network . . . . . . . . . . . . . . . . . . . . . . . . 14
67 3. Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . 14
68 3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 14
69 3.2. Domain Identifier . . . . . . . . . . . . . . . . . . . 15
70 3.3. Node Identifier . . . . . . . . . . . . . . . . . . . . 16
71 3.4. Resource Identifier . . . . . . . . . . . . . . . . . . 17
72 3.5. Determination of Addresses . . . . . . . . . . . . . . . 18
73 4. TCP Binding . . . . . . . . . . . . . . . . . . . . . . . . . 18
74 4.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . 18
75 4.2. Hostname Resolution . . . . . . . . . . . . . . . . . . 19
76 4.3. Client-to-Server Communication . . . . . . . . . . . . . 20
77 4.4. Server-to-Server Communication . . . . . . . . . . . . . 20
78 4.5. Reconnection . . . . . . . . . . . . . . . . . . . . . . 20
79 4.6. Other Bindings . . . . . . . . . . . . . . . . . . . . . 21
80 5. XML Streams . . . . . . . . . . . . . . . . . . . . . . . . . 21
81 5.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 21
82 5.2. Stream Security . . . . . . . . . . . . . . . . . . . . 23
83 5.3. Stream Attributes . . . . . . . . . . . . . . . . . . . 24
84 5.3.1. from . . . . . . . . . . . . . . . . . . . . . . . . 24
85 5.3.2. to . . . . . . . . . . . . . . . . . . . . . . . . . 26
86 5.3.3. id . . . . . . . . . . . . . . . . . . . . . . . . . 27
87 5.3.4. xml:lang . . . . . . . . . . . . . . . . . . . . . . 27
88 5.3.5. version . . . . . . . . . . . . . . . . . . . . . . 29
89 5.3.6. Summary of Stream Attributes . . . . . . . . . . . . 30
90 5.4. Namespace Declarations . . . . . . . . . . . . . . . . . 30
91 5.5. Stream Features . . . . . . . . . . . . . . . . . . . . 31
92 5.6. Restarts During Stream Negotiation . . . . . . . . . . . 33
93 5.7. Closing a Stream . . . . . . . . . . . . . . . . . . . . 33
94 5.7.1. With Stream Error . . . . . . . . . . . . . . . . . 33
95 5.7.2. Without Stream Error . . . . . . . . . . . . . . . . 34
96 5.7.3. Handling of Idle Streams . . . . . . . . . . . . . . 34
97 5.8. Stream Errors . . . . . . . . . . . . . . . . . . . . . 35
98 5.8.1. Rules . . . . . . . . . . . . . . . . . . . . . . . 35
99 5.8.1.1. Stream Errors Are Unrecoverable . . . . . . . . . 35
100 5.8.1.2. Stream Errors Can Occur During Setup . . . . . . 35
101 5.8.1.3. Stream Errors When the Host is Unspecified or
102 Unknown . . . . . . . . . . . . . . . . . . . . . 36
103 5.8.2. Syntax . . . . . . . . . . . . . . . . . . . . . . . 37
104 5.8.3. Defined Stream Error Conditions . . . . . . . . . . 38
105 5.8.3.1. bad-format . . . . . . . . . . . . . . . . . . . 38
106 5.8.3.2. bad-namespace-prefix . . . . . . . . . . . . . . 38
107 5.8.3.3. conflict . . . . . . . . . . . . . . . . . . . . 39
108 5.8.3.4. connection-timeout . . . . . . . . . . . . . . . 40
109 5.8.3.5. host-gone . . . . . . . . . . . . . . . . . . . . 40
110 5.8.3.6. host-unknown . . . . . . . . . . . . . . . . . . 41
111 5.8.3.7. improper-addressing . . . . . . . . . . . . . . . 42
112 5.8.3.8. internal-server-error . . . . . . . . . . . . . . 42
113 5.8.3.9. invalid-from . . . . . . . . . . . . . . . . . . 43
114 5.8.3.10. invalid-id . . . . . . . . . . . . . . . . . . . 43
115 5.8.3.11. invalid-namespace . . . . . . . . . . . . . . . . 44
116 5.8.3.12. invalid-xml . . . . . . . . . . . . . . . . . . . 44
117 5.8.3.13. not-authorized . . . . . . . . . . . . . . . . . 45
118 5.8.3.14. policy-violation . . . . . . . . . . . . . . . . 46
119 5.8.3.15. remote-connection-failed . . . . . . . . . . . . 47
120 5.8.3.16. resource-constraint . . . . . . . . . . . . . . . 47
121 5.8.3.17. restricted-xml . . . . . . . . . . . . . . . . . 48
122 5.8.3.18. see-other-host . . . . . . . . . . . . . . . . . 48
123 5.8.3.19. system-shutdown . . . . . . . . . . . . . . . . . 49
124 5.8.3.20. undefined-condition . . . . . . . . . . . . . . . 50
125 5.8.3.21. unsupported-encoding . . . . . . . . . . . . . . 50
126 5.8.3.22. unsupported-stanza-type . . . . . . . . . . . . . 51
127 5.8.3.23. unsupported-version . . . . . . . . . . . . . . . 51
128 5.8.3.24. xml-not-well-formed . . . . . . . . . . . . . . . 52
129 5.8.4. Application-Specific Conditions . . . . . . . . . . 53
130 5.9. Simplified Stream Examples . . . . . . . . . . . . . . . 53
131 6. STARTTLS Negotiation . . . . . . . . . . . . . . . . . . . . 55
132 6.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 56
133 6.2. Rules . . . . . . . . . . . . . . . . . . . . . . . . . 56
134 6.2.1. Data Formatting . . . . . . . . . . . . . . . . . . 56
135 6.2.2. Order of Negotiation . . . . . . . . . . . . . . . . 56
136 6.3. Process . . . . . . . . . . . . . . . . . . . . . . . . 57
137 6.3.1. Exchange of Stream Headers and Stream Features . . . 57
138 6.3.2. Initiation of STARTTLS Negotiation . . . . . . . . . 58
139 6.3.2.1. STARTTLS Command . . . . . . . . . . . . . . . . 58
140 6.3.2.2. Failure Case . . . . . . . . . . . . . . . . . . 58
141 6.3.2.3. Proceed Case . . . . . . . . . . . . . . . . . . 59
142 6.3.3. TLS Negotiation . . . . . . . . . . . . . . . . . . 59
143 6.3.3.1. Rules . . . . . . . . . . . . . . . . . . . . . . 59
144 6.3.3.2. TLS Failure . . . . . . . . . . . . . . . . . . . 60
145 6.3.3.3. TLS Success . . . . . . . . . . . . . . . . . . . 60
146 7. SASL Negotiation . . . . . . . . . . . . . . . . . . . . . . 61
147 7.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 61
148 7.2. Rules . . . . . . . . . . . . . . . . . . . . . . . . . 61
149 7.2.1. Mechanism Preferences . . . . . . . . . . . . . . . 61
150 7.2.2. Mechanism Offers . . . . . . . . . . . . . . . . . . 62
151 7.2.3. Data Formatting . . . . . . . . . . . . . . . . . . 62
152 7.2.4. Security Layers . . . . . . . . . . . . . . . . . . 63
153 7.2.5. Simple Usernames . . . . . . . . . . . . . . . . . . 63
154 7.2.6. Authorization Identities . . . . . . . . . . . . . . 63
155 7.2.7. Round Trips . . . . . . . . . . . . . . . . . . . . 64
156 7.3. Process . . . . . . . . . . . . . . . . . . . . . . . . 64
157 7.3.1. Exchange of Stream Headers and Stream Features . . . 64
158 7.3.2. Initiation . . . . . . . . . . . . . . . . . . . . . 66
159 7.3.3. Challenge-Response Sequence . . . . . . . . . . . . 66
160 7.3.4. Abort . . . . . . . . . . . . . . . . . . . . . . . 67
161 7.3.5. Failure . . . . . . . . . . . . . . . . . . . . . . 67
162 7.3.6. Success . . . . . . . . . . . . . . . . . . . . . . 68
163 7.4. SASL Errors . . . . . . . . . . . . . . . . . . . . . . 69
164 7.4.1. aborted . . . . . . . . . . . . . . . . . . . . . . 69
165 7.4.2. account-disabled . . . . . . . . . . . . . . . . . . 70
166 7.4.3. credentials-expired . . . . . . . . . . . . . . . . 70
167 7.4.4. encryption-required . . . . . . . . . . . . . . . . 70
168 7.4.5. incorrect-encoding . . . . . . . . . . . . . . . . . 71
169 7.4.6. invalid-authzid . . . . . . . . . . . . . . . . . . 71
170 7.4.7. invalid-mechanism . . . . . . . . . . . . . . . . . 71
171 7.4.8. malformed-request . . . . . . . . . . . . . . . . . 71
172 7.4.9. mechanism-too-weak . . . . . . . . . . . . . . . . . 72
173 7.4.10. not-authorized . . . . . . . . . . . . . . . . . . . 72
174 7.4.11. temporary-auth-failure . . . . . . . . . . . . . . . 73
175 7.4.12. transition-needed . . . . . . . . . . . . . . . . . 73
176 7.5. SASL Definition . . . . . . . . . . . . . . . . . . . . 73
177 8. Resource Binding . . . . . . . . . . . . . . . . . . . . . . 74
178 8.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 74
179 8.2. Advertising Support . . . . . . . . . . . . . . . . . . 75
180 8.3. Generation of Resource Identifiers . . . . . . . . . . . 75
181 8.4. Server-Generated Resource Identifier . . . . . . . . . . 76
182 8.4.1. Success Case . . . . . . . . . . . . . . . . . . . . 76
183 8.4.2. Error Cases . . . . . . . . . . . . . . . . . . . . 76
184 8.4.2.1. Resource Constraint . . . . . . . . . . . . . . . 76
185 8.4.2.2. Not Allowed . . . . . . . . . . . . . . . . . . . 77
186 8.5. Client-Submitted Resource Identifier . . . . . . . . . . 77
187 8.5.1. Success Case . . . . . . . . . . . . . . . . . . . . 77
188 8.5.2. Error Cases . . . . . . . . . . . . . . . . . . . . 78
189 8.5.2.1. Bad Request . . . . . . . . . . . . . . . . . . . 78
190 8.5.2.2. Conflict . . . . . . . . . . . . . . . . . . . . 78
191 8.5.3. Retries . . . . . . . . . . . . . . . . . . . . . . 79
193 8.6. Binding Multiple Resources . . . . . . . . . . . . . . . 79
194 8.6.1. Support . . . . . . . . . . . . . . . . . . . . . . 80
195 8.6.2. Binding an Additional Resource . . . . . . . . . . . 80
196 8.6.3. Unbinding a Resource . . . . . . . . . . . . . . . . 80
197 8.6.3.1. Success Case . . . . . . . . . . . . . . . . . . 80
198 8.6.3.2. Error Cases . . . . . . . . . . . . . . . . . . . 81
199 8.6.4. From Addresses . . . . . . . . . . . . . . . . . . . 81
200 9. XML Stanzas . . . . . . . . . . . . . . . . . . . . . . . . . 82
201 9.1. Common Attributes . . . . . . . . . . . . . . . . . . . 82
202 9.1.1. to . . . . . . . . . . . . . . . . . . . . . . . . . 83
203 9.1.1.1. Client-to-Server Streams . . . . . . . . . . . . 83
204 9.1.1.2. Server-to-Server Streams . . . . . . . . . . . . 83
205 9.1.2. from . . . . . . . . . . . . . . . . . . . . . . . . 83
206 9.1.2.1. Client-to-Server Streams . . . . . . . . . . . . 84
207 9.1.2.2. Server-to-Server Streams . . . . . . . . . . . . 84
208 9.1.3. id . . . . . . . . . . . . . . . . . . . . . . . . . 85
209 9.1.4. type . . . . . . . . . . . . . . . . . . . . . . . . 85
210 9.1.5. xml:lang . . . . . . . . . . . . . . . . . . . . . . 85
211 9.2. Basic Semantics . . . . . . . . . . . . . . . . . . . . 86
212 9.2.1. Message Semantics . . . . . . . . . . . . . . . . . 86
213 9.2.2. Presence Semantics . . . . . . . . . . . . . . . . . 87
214 9.2.3. IQ Semantics . . . . . . . . . . . . . . . . . . . . 87
215 9.3. Stanza Errors . . . . . . . . . . . . . . . . . . . . . 89
216 9.3.1. Rules . . . . . . . . . . . . . . . . . . . . . . . 89
217 9.3.2. Syntax . . . . . . . . . . . . . . . . . . . . . . . 89
218 9.3.3. Defined Conditions . . . . . . . . . . . . . . . . . 91
219 9.3.3.1. bad-request . . . . . . . . . . . . . . . . . . . 91
220 9.3.3.2. conflict . . . . . . . . . . . . . . . . . . . . 91
221 9.3.3.3. feature-not-implemented . . . . . . . . . . . . . 92
222 9.3.3.4. forbidden . . . . . . . . . . . . . . . . . . . . 92
223 9.3.3.5. gone . . . . . . . . . . . . . . . . . . . . . . 93
224 9.3.3.6. internal-server-error . . . . . . . . . . . . . . 93
225 9.3.3.7. item-not-found . . . . . . . . . . . . . . . . . 94
226 9.3.3.8. jid-malformed . . . . . . . . . . . . . . . . . . 94
227 9.3.3.9. not-acceptable . . . . . . . . . . . . . . . . . 95
228 9.3.3.10. not-allowed . . . . . . . . . . . . . . . . . . . 95
229 9.3.3.11. not-authorized . . . . . . . . . . . . . . . . . 96
230 9.3.3.12. not-modified . . . . . . . . . . . . . . . . . . 96
231 9.3.3.13. payment-required . . . . . . . . . . . . . . . . 97
232 9.3.3.14. recipient-unavailable . . . . . . . . . . . . . . 98
233 9.3.3.15. redirect . . . . . . . . . . . . . . . . . . . . 99
234 9.3.3.16. registration-required . . . . . . . . . . . . . . 99
235 9.3.3.17. remote-server-not-found . . . . . . . . . . . . . 100
236 9.3.3.18. remote-server-timeout . . . . . . . . . . . . . . 100
237 9.3.3.19. resource-constraint . . . . . . . . . . . . . . . 100
238 9.3.3.20. service-unavailable . . . . . . . . . . . . . . . 101
239 9.3.3.21. subscription-required . . . . . . . . . . . . . . 101
240 9.3.3.22. undefined-condition . . . . . . . . . . . . . . . 102
241 9.3.3.23. unexpected-request . . . . . . . . . . . . . . . 103
242 9.3.3.24. unknown-sender . . . . . . . . . . . . . . . . . 104
243 9.3.4. Application-Specific Conditions . . . . . . . . . . 104
244 9.4. Extended Content . . . . . . . . . . . . . . . . . . . . 105
245 9.5. Stanza Size . . . . . . . . . . . . . . . . . . . . . . 106
246 10. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 106
247 10.1. Client-to-Server . . . . . . . . . . . . . . . . . . . . 106
248 10.1.1. TLS . . . . . . . . . . . . . . . . . . . . . . . . 107
249 10.1.2. SASL . . . . . . . . . . . . . . . . . . . . . . . . 108
250 10.1.3. Resource Binding . . . . . . . . . . . . . . . . . . 109
251 10.1.4. Stanza Exchange . . . . . . . . . . . . . . . . . . 110
252 10.1.5. Close . . . . . . . . . . . . . . . . . . . . . . . 111
253 10.2. Server-to-Server Examples . . . . . . . . . . . . . . . 111
254 10.2.1. TLS . . . . . . . . . . . . . . . . . . . . . . . . 111
255 10.2.2. SASL . . . . . . . . . . . . . . . . . . . . . . . . 113
256 10.2.3. Stanza Exchange . . . . . . . . . . . . . . . . . . 114
257 10.2.4. Close . . . . . . . . . . . . . . . . . . . . . . . 115
258 11. Server Rules for Processing XML Stanzas . . . . . . . . . . . 115
259 11.1. No 'to' Address . . . . . . . . . . . . . . . . . . . . 115
260 11.1.1. Overview . . . . . . . . . . . . . . . . . . . . . . 115
261 11.1.2. Message . . . . . . . . . . . . . . . . . . . . . . 116
262 11.1.3. Presence . . . . . . . . . . . . . . . . . . . . . . 116
263 11.1.4. IQ . . . . . . . . . . . . . . . . . . . . . . . . . 116
264 11.2. Local Domain . . . . . . . . . . . . . . . . . . . . . . 116
265 11.2.1. Mere Domain . . . . . . . . . . . . . . . . . . . . 117
266 11.2.2. Domain with Resource . . . . . . . . . . . . . . . . 117
267 11.2.3. Node at Domain . . . . . . . . . . . . . . . . . . . 117
268 11.2.3.1. No Such User . . . . . . . . . . . . . . . . . . 117
269 11.2.3.2. Bare JID . . . . . . . . . . . . . . . . . . . . 117
270 11.2.3.3. Full JID . . . . . . . . . . . . . . . . . . . . 118
271 11.3. Foreign Domain . . . . . . . . . . . . . . . . . . . . . 118
272 11.3.1. Existing Stream . . . . . . . . . . . . . . . . . . 118
273 11.3.2. No Existing Stream . . . . . . . . . . . . . . . . . 118
274 11.3.3. Error Handling . . . . . . . . . . . . . . . . . . . 119
275 12. XML Usage . . . . . . . . . . . . . . . . . . . . . . . . . . 119
276 12.1. Restrictions . . . . . . . . . . . . . . . . . . . . . . 119
277 12.2. XML Namespace Names and Prefixes . . . . . . . . . . . . 120
278 12.2.1. Streams Namespace . . . . . . . . . . . . . . . . . 120
279 12.2.2. Default Namespace . . . . . . . . . . . . . . . . . 120
280 12.2.3. Extended Namespaces . . . . . . . . . . . . . . . . 121
281 12.3. Well-Formedness . . . . . . . . . . . . . . . . . . . . 122
282 12.4. Validation . . . . . . . . . . . . . . . . . . . . . . . 123
283 12.5. Inclusion of Text Declaration . . . . . . . . . . . . . 123
284 12.6. Character Encoding . . . . . . . . . . . . . . . . . . . 123
285 12.7. Whitespace . . . . . . . . . . . . . . . . . . . . . . . 124
286 12.8. XML Versions . . . . . . . . . . . . . . . . . . . . . . 124
287 13. Compliance Requirements . . . . . . . . . . . . . . . . . . . 124
288 13.1. Servers . . . . . . . . . . . . . . . . . . . . . . . . 124
289 13.2. Clients . . . . . . . . . . . . . . . . . . . . . . . . 125
290 14. Internationalization Considerations . . . . . . . . . . . . . 125
291 15. Security Considerations . . . . . . . . . . . . . . . . . . . 126
292 15.1. High Security . . . . . . . . . . . . . . . . . . . . . 126
293 15.2. Certificates . . . . . . . . . . . . . . . . . . . . . . 126
294 15.2.1. Certificate Generation . . . . . . . . . . . . . . . 126
295 15.2.1.1. Server Certificates . . . . . . . . . . . . . . . 126
296 15.2.1.2. Client Certificates . . . . . . . . . . . . . . . 128
297 15.2.1.3. ASN.1 Object Identifier . . . . . . . . . . . . . 129
298 15.2.2. Certificate Validation . . . . . . . . . . . . . . . 129
299 15.2.2.1. Server-to-Server Streams . . . . . . . . . . . . 130
300 15.2.2.2. Client-to-Server Streams . . . . . . . . . . . . 131
301 15.2.2.3. Use of Certificates in XMPP Extensions . . . . . 132
302 15.3. Client-to-Server Communication . . . . . . . . . . . . . 132
303 15.4. Server-to-Server Communication . . . . . . . . . . . . . 133
304 15.5. Order of Layers . . . . . . . . . . . . . . . . . . . . 133
305 15.6. Lack of SASL Channel Binding to TLS . . . . . . . . . . 134
306 15.7. Mandatory-to-Implement Technologies . . . . . . . . . . 134
307 15.8. Firewalls . . . . . . . . . . . . . . . . . . . . . . . 135
308 15.9. Use of base64 in SASL . . . . . . . . . . . . . . . . . 135
309 15.10. Stringprep Profiles . . . . . . . . . . . . . . . . . . 135
310 15.11. Address Spoofing . . . . . . . . . . . . . . . . . . . . 136
311 15.11.1. Address Forging . . . . . . . . . . . . . . . . . . 136
312 15.11.2. Address Mimicking . . . . . . . . . . . . . . . . . 137
313 15.12. Denial of Service . . . . . . . . . . . . . . . . . . . 138
314 15.13. Presence Leaks . . . . . . . . . . . . . . . . . . . . . 139
315 15.14. Directory Harvesting . . . . . . . . . . . . . . . . . . 140
316 16. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 140
317 16.1. XML Namespace Name for TLS Data . . . . . . . . . . . . 140
318 16.2. XML Namespace Name for SASL Data . . . . . . . . . . . . 140
319 16.3. XML Namespace Name for Stream Errors . . . . . . . . . . 140
320 16.4. XML Namespace Name for Resource Binding . . . . . . . . 141
321 16.5. XML Namespace Name for Stanza Errors . . . . . . . . . . 141
322 16.6. Nodeprep Profile of Stringprep . . . . . . . . . . . . . 141
323 16.7. Resourceprep Profile of Stringprep . . . . . . . . . . . 142
324 16.8. GSSAPI Service Name . . . . . . . . . . . . . . . . . . 142
325 16.9. Port Numbers . . . . . . . . . . . . . . . . . . . . . . 142
326 17. References . . . . . . . . . . . . . . . . . . . . . . . . . 142
327 17.1. Normative References . . . . . . . . . . . . . . . . . . 142
328 17.2. Informative References . . . . . . . . . . . . . . . . . 145
329 Appendix A. Nodeprep . . . . . . . . . . . . . . . . . . . . . . 148
330 A.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 148
331 A.2. Character Repertoire . . . . . . . . . . . . . . . . . . 149
332 A.3. Mapping . . . . . . . . . . . . . . . . . . . . . . . . 149
333 A.4. Normalization . . . . . . . . . . . . . . . . . . . . . 149
334 A.5. Prohibited Output . . . . . . . . . . . . . . . . . . . 149
335 A.6. Bidirectional Characters . . . . . . . . . . . . . . . . 150
336 A.7. Notes . . . . . . . . . . . . . . . . . . . . . . . . . 150
338 Appendix B. Resourceprep . . . . . . . . . . . . . . . . . . . . 150
339 B.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 151
340 B.2. Character Repertoire . . . . . . . . . . . . . . . . . . 151
341 B.3. Mapping . . . . . . . . . . . . . . . . . . . . . . . . 151
342 B.4. Normalization . . . . . . . . . . . . . . . . . . . . . 151
343 B.5. Prohibited Output . . . . . . . . . . . . . . . . . . . 151
344 B.6. Bidirectional Characters . . . . . . . . . . . . . . . . 152
345 Appendix C. XML Schemas . . . . . . . . . . . . . . . . . . . . 152
346 C.1. Streams Namespace . . . . . . . . . . . . . . . . . . . 152
347 C.2. Stream Error Namespace . . . . . . . . . . . . . . . . . 154
348 C.3. STARTTLS Namespace . . . . . . . . . . . . . . . . . . . 156
349 C.4. SASL Namespace . . . . . . . . . . . . . . . . . . . . . 156
350 C.5. Resource Binding Namespace . . . . . . . . . . . . . . . 158
351 C.6. Stanza Error Namespace . . . . . . . . . . . . . . . . . 159
352 Appendix D. Contact Addresses . . . . . . . . . . . . . . . . . 161
353 Appendix E. Account Provisioning . . . . . . . . . . . . . . . . 161
354 Appendix F. Differences From RFC 3920 . . . . . . . . . . . . . 161
355 Appendix G. Copying Conditions . . . . . . . . . . . . . . . . . 162
356 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
357 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 164
358 Intellectual Property and Copyright Statements . . . . . . . . . 165
360 1. Introduction
362 1.1. Overview
364 The Extensible Messaging and Presence Protocol (XMPP) is an
365 application profile of the Extensible Markup Language [XML] for
366 streaming XML data in close to real time between any two (or more)
367 network-aware entities. XMPP is typically used to exchange messages,
368 share presence information, and engage in structured request-response
369 interactions. The basic syntax and semantics of XMPP were developed
370 originally within the Jabber open-source community, mainly in 1999.
371 In late 2002, the XMPP Working Group was chartered with developing an
372 adaptation of the core Jabber protocol that would be suitable as an
373 IETF instant messaging (IM) and presence technology. As a result of
374 work by the XMPP WG, [RFC3920] and [RFC3921] were published in
375 October 2004, representing the most complete definition of XMPP at
376 that time.
378 As a result of extensive implementation and deployment experience
379 with XMPP since 2004, as well as more formal interoperability testing
380 carried out under the auspices of the XMPP Standards Foundation
381 (XSF), this document reflects consensus from the XMPP developer
382 community regarding XMPP's core XML streaming technology. In
383 particular, this document incorporates the following backward-
384 compatible changes from RFC 3920:
386 o Incorporated corrections and errata
387 o Added examples throughout
388 o Clarified and more completely specified matters that were
389 underspecified
390 o Modified text to reflect updated technologies for which XMPP is a
391 using protocol, e.g., Transport Layer Security (TLS) and the
392 Simple Authentication and Security Layer (SASL)
393 o Defined several additional stream, stanza, and SASL error
394 conditions
395 o Removed the deprecated DIGEST-MD5 SASL mechanism [DIGEST-MD5] as a
396 mandatory-to-implement technology
397 o Added the TLS plus the SASL PLAIN mechanism [PLAIN] as a
398 mandatory-to-implement technology
399 o Defined of optional support for multiple resources over the same
400 connection
401 o Transferred historical documentation for the server dialback
402 protocol from this specification to a separate specification
404 Therefore, this document defines the core features of XMPP 1.0, thus
405 obsoleting RFC 3920.
407 Note: [XMPP-IM] defines the XMPP features needed to provide the
408 basic instant messaging and presence functionality that is
409 described in [IMP-REQS].
411 1.2. Functional Summary
413 This non-normative section provides a developer-friendly, functional
414 summary of XMPP; refer to the sections that follow for a normative
415 definition of XMPP.
417 The purpose of XMPP is to enable the exchange of relatively small
418 pieces of structured data (called "XML stanzas") over a network
419 between any two (or more) entities. XMPP is implemented using a
420 client-server architecture, wherein a client needs to connect to a
421 server in order to gain access to the network and thus be allowed to
422 exchange XML stanzas with other entities (which can be associated
423 with other servers). The process whereby a client connects to a
424 server, exchanges XML stanzas, and ends the connection is:
426 1. Determine the hostname and port at which to connect
427 2. Open a TCP connection
428 3. Open an XML stream
429 4. Complete TLS negotiation for channel encryption (recommended)
430 5. Complete SASL negotiation for authentication
431 6. Bind a resource to the stream
432 7. Exchange an unbounded number of XML stanzas with other entities
433 on the network
434 8. Close the XML stream
435 9. Close the TCP connection
437 Within XMPP, one server can optionally connect to another server to
438 enable inter-domain or inter-server communication. For this to
439 happen, the two servers need to negotiate a connection between
440 themselves and then exchange XML stanzas; the process for doing so
441 is:
443 1. Determine the hostname and port at which to connect
444 2. Open a TCP connection
445 3. Open an XML stream
446 4. Complete TLS negotiation for channel encryption (recommended)
447 5. Complete SASL negotiation for authentication *
448 6. Exchange an unbounded number of XML stanzas both directly for the
449 servers and indirectly on behalf of entities associated with each
450 server (e.g., connected clients)
451 7. Close the XML stream
452 8. Close the TCP connection
453 * Note: Depending on local service policies, it is possible that a
454 deployed server will use the older server dialback protocol to
455 provide weak identity verification in cases where SASL negotiation
456 would not result in strong authentication (e.g., because TLS
457 negotiation was not mandated by the peer server, or because the
458 certificate presented by the peer server during TLS negotiation is
459 self-signed and thus provides only weak identity); for details,
460 see [XEP-0220].
462 In the sections following discussion of XMPP architecture and XMPP
463 addresses, this document specifies how clients connect to servers and
464 specifies the basic semantics of XML stanzas. However, this document
465 does not define the "payloads" of the XML stanzas that might be
466 exchanged once a connection is successfully established; instead,
467 those payloads are defined by various XMPP extensions. For example,
468 [XMPP-IM] defines extensions for basic instant messaging and presence
469 functionality. In addition, various specifications produced in the
470 XSF's XEP series [XEP-0001] define extensions for a wide range of
471 more advanced functionality.
473 1.3. Conventions
475 The following capitalized keywords are to be interpreted as described
476 in [TERMS]: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT";
477 "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY",
478 "OPTIONAL".
480 The term "whitespace" is used to refer to any character that matches
481 production [3] content of [XML], i.e., any instance of SP, HT, CR,
482 and LF.
484 Following the "XML Notation" used in [IRI] to represent characters
485 that cannot be rendered in ASCII-only documents, some examples in
486 this document use the form "...." as a notational device to
487 represent Unicode characters (e.g., the string "ř" stands for
488 the Unicode character LATIN SMALL LETTER R WITH CARON).
490 In examples, lines have been wrapped for improved readability,
491 "[...]" means elision, and the following prepended strings are used
492 (these prepended strings are not to be sent over the wire):
494 o C: = a client
495 o E: = any XMPP entity
496 o I: = an initiating entity
497 o P: = a peer server
498 o R: = a receiving entity
499 o S: = a server
500 o S1: = server1
501 o S2: = server2
503 1.4. Acknowledgements
505 The editor of this document finds it impossible to appropriately
506 acknowledge the many individuals who have provided comments regarding
507 the protocols defined herein. However, thanks are due to those who
508 have who have provided implementation feedback, bug reports, requests
509 for clarification, and suggestions for improvement since the
510 publication of the RFC this document supersedes. The editor has
511 endeavored to address all such feedback, but is solely responsible
512 for any remaining errors and ambiguities.
514 1.5. Discussion Venue
516 The document editor and the broader XMPP developer community welcome
517 discussion and comments related to the topics presented in this
518 document. The preferred forum is the mailing
519 list, for which archives and subscription information are available
520 at .
522 2. Architecture
524 2.1. Overview
526 XMPP assumes a client-server architecture, wherein a client utilizing
527 XMPP accesses a server (normally over a [TCP] connection) and servers
528 can also communicate with each other over TCP connections.
530 A simplified architectural diagram for a typical deployment is shown
531 here, where the entities have the following significance:
533 o romeo@example.net -- an XMPP user.
534 o example.net -- an XMPP server.
535 o im.example.com -- an XMPP server.
536 o juliet@im.example.com -- an XMPP user.
538 example.net ---------------- im.example.com
539 | |
540 | |
541 romeo@example.net juliet@im.example.com
542 Note: Architectures that employ XML streams (Section 5) and XML
543 stanzas (Section 9) but that establish peer-to-peer connections
544 directly between clients using technologies based on [LINKLOCAL]
545 have been deployed, but such architectures are not XMPP and are
546 best described as "XMPP-like"; for details, see [XEP-0174]. In
547 addition, XML streams can be established end-to-end over any
548 reliable transport, including extensions to XMPP itself; for
549 details, see [XEP-0246].
551 2.2. Server
553 A SERVER is an entity whose primary responsibilities are to:
555 o Manage XML streams (Section 5) with local clients and deliver XML
556 stanzas (Section 9) to those clients over the negotiated XML
557 streams.
558 o Subject to local service policies on server-to-server
559 communication, manage XML streams (Section 5) with foreign servers
560 and route XML stanzas (Section 9) to those servers over the
561 negotiated XML streams.
563 Depending on the application, the secondary responsibilities of an
564 XMPP server can include:
566 o Storing XML data that is used by clients (e.g., contact lists for
567 users of XMPP-based instant messaging and presence applications as
568 defined in [XMPP-IM]); in this case, the relevant XML stanza is
569 handled directly by the server itself on behalf of the client and
570 is not routed to a foreign server or delivered to a local entity.
571 o Hosting local services that also use XMPP as the basis for
572 communication but that provide additional functionality beyond
573 that defined in this document or in [XMPP-IM]; examples include
574 multi-user conferencing services as specified in [XEP-0045] and
575 publish-subscribe services as specified in [XEP-0060].
577 2.3. Client
579 A CLIENT is an entity that establishes an XML stream with a server by
580 authenticating using the credentials of a local account and that then
581 completes resource binding (Section 8) in order to enable delivery of
582 XML stanzas via the server to the client. A client then uses XMPP to
583 communicate with its server, other clients, and any other accessible
584 entities on a network. Multiple clients can connect simultaneously
585 to a server on behalf of a local account, where each client is
586 differentiated by the resource identifier portion of an XMPP address
587 (e.g., vs. ), as defined under
588 Section 3 and Section 8. The RECOMMENDED port for TCP connections
589 between a client and a server is 5222, as registered with the IANA
590 (see Section 16.9).
592 2.4. Network
594 Because each server is identified by a network address and because
595 server-to-server communication is a straightforward extension of the
596 client-to-server protocol, in practice the system consists of a
597 network of servers that inter-communicate. Thus, for example,
598 is able to exchange messages, presence, and
599 other information with . This pattern is familiar
600 from messaging protocols (such as [SMTP]) that make use of network
601 addressing standards. Communication between any two servers is
602 OPTIONAL. The RECOMMENDED port for TCP connections between servers
603 is 5269, as registered with the IANA (see Section 16.9).
605 3. Addresses
607 3.1. Overview
609 An ENTITY is anything that is network-addressable and that can
610 communicate using XMPP. For historical reasons, the native address
611 of an XMPP entity is called a JABBER IDENTIFIER or JID. A valid JID
612 contains a set of ordered elements formed of an XMPP node identifier,
613 domain identifier, and resource identifier.
615 The syntax for a JID is defined as follows using the Augmented
616 Backus-Naur Form as specified in [ABNF].
618 jid = [ node "@" ] domain [ "/" resource ]
619 node = 1*(nodepoint)
620 ; a "nodepoint" is a UTF-8 encoded Unicode code
621 ; point that satisfies the Nodeprep profile of
622 ; stringprep
623 domain = fqdn / address-literal
624 fqdn = *(ldhlabel ".") toplabel
625 ldhlabel = letdig [*61(ldh) letdig]
626 toplabel = ALPHA *61(ldh) letdig
627 letdig = ALPHA / DIGIT
628 ldh = ALPHA / DIGIT / "-"
629 address-literal = IPv4address / IPv6address
630 ; the "IPv4address" and "IPv6address" rules are
631 ; defined in RFC 3986
632 resource = 1*(resourcepoint)
633 ; a "resourcepoint" is a UTF-8 encoded Unicode
634 ; code point that satisfies the Resourceprep
635 ; profile of stringprep
637 All JIDs are based on the foregoing structure. One common use of
638 this structure is to identify a messaging and presence account, the
639 server that hosts the account, and a connected resource (e.g., a
640 specific device) in the form of . However,
641 node types other than clients are possible; for example, a specific
642 chat room offered by a multi-user conference service (see [XEP-0045])
643 could be addressed as (where "room" is the name of the
644 chat room and "service" is the hostname of the multi-user conference
645 service) and a specific occupant of such a room could be addressed as
646 (where "nick" is the occupant's room nickname).
647 Many other JID types are possible (e.g., could be a
648 server-side script or service).
650 Each allowable portion of a JID (node identifier, domain identifier,
651 and resource identifier) MUST NOT be more than 1023 bytes in length,
652 resulting in a maximum total size (including the '@' and '/'
653 separators) of 3071 bytes.
655 Note: While the format of a JID is consistent with [URI], an
656 entity's address on an XMPP network MUST be represented as a JID
657 (without a URI scheme) and not a [URI] or [IRI] as specified in
658 [XMPP-URI]; the latter specification is provided only for
659 identification and interaction outside the context of the XMPP
660 wire protocol itself.
662 3.2. Domain Identifier
664 The DOMAIN IDENTIFIER portion of a JID is that portion after the '@'
665 character (if any) and before the '/' character (if any); it is the
666 primary identifier and is the only REQUIRED element of a JID (a mere
667 domain identifier is a valid JID). Typically a domain identifier
668 identifies the "home" server to which clients connect for XML routing
669 and data management functionality. However, it is not necessary for
670 an XMPP domain identifier to identify an entity that provides core
671 XMPP server functionality (e.g., a domain identifier can identity an
672 entity such as a multi-user conference service, a publish-subscribe
673 service, or a user directory).
675 Note: A single server can service multiple domain identifiers,
676 i.e., multiple local domains; this is typically referred to as
677 virtual hosting.
679 The domain identifier for every server or service that will
680 communicate over a network SHOULD be a fully qualified domain name
681 (see [DNS]); while the domain identifier MAY be either an Internet
682 Protocol (IPv4 or IPv6) address or a text label that is resolvable on
683 a local network (commonly called an "unqualified hostname"), it is
684 possible that domain identifiers that are IP addresses will not be
685 acceptable to other services for the sake of interdomain
686 communication. Furthermore, domain identifiers that are unqualified
687 hostnames MUST NOT be used on public networks but MAY be used on
688 private networks.
690 Note: If the domain identifier includes a final character
691 considered to be a label separator (dot) by [IDNA] or [DNS], this
692 character MUST be stripped from the domain identifier before the
693 JID of which it is a part is used for the purpose of routing an
694 XML stanza, comparing against another JID, or constructing an
695 [XMPP-URI]; in particular, the character MUST be stripped before
696 any other canonicalization steps are taken, such as application of
697 the [NAMEPREP] profile of [STRINGPREP] or completion of the
698 ToASCII operation as described in [IDNA].
700 A domain identifier MUST be an "internationalized domain name" as
701 defined in [IDNA], that is, "a domain name in which every label is an
702 internationalized label". When preparing a text label (consisting of
703 a sequence of Unicode code points) for representation as an
704 internationalized label in the process of constructing an XMPP domain
705 identifier or comparing two XMPP domain identifiers, an application
706 MUST ensure that for each text label it is possible to apply without
707 failing the ToASCII operation specified in [IDNA] with the
708 UseSTD3ASCIIRules flag set (thus forbidding ASCII code points other
709 than letters, digits, and hyphens). If the ToASCII operation can be
710 applied without failing, then the label is an internationalized
711 label. An internationalized domain name (and therefore an XMPP
712 domain identifier) is constructed from its constituent
713 internationalized labels by following the rules specified in [IDNA].
715 Note: The ToASCII operation includes application of the [NAMEPREP]
716 profile of [STRINGPREP] and encoding using the algorithm specified
717 in [PUNYCODE]; for details, see [IDNA]. Although the output of
718 the ToASCII operation is not used in XMPP, it MUST be possible to
719 apply that operation without failing.
721 3.3. Node Identifier
723 The NODE IDENTIFIER portion of a JID is an optional secondary
724 identifier placed before the domain identifier and separated from the
725 latter by the '@' character. Typically a node identifier uniquely
726 identifies the entity requesting and using network access provided by
727 a server (i.e., a local account), although it can also represent
728 other kinds of entities (e.g., a chat room associated with a multi-
729 user conference service). The entity represented by an XMPP node
730 identifier is addressed within the context of a specific domain.
732 A node identifier MUST be formatted such that the Nodeprep profile of
734 [STRINGPREP] can be applied without failing (see Appendix A). Before
735 comparing two node identifiers, an application MUST first ensure that
736 the Nodeprep profile has been applied to each identifier (the profile
737 need not be applied each time a comparison is made, as long as it has
738 been applied before comparison).
740 3.4. Resource Identifier
742 The RESOURCE IDENTIFIER portion of a JID is an optional tertiary
743 identifier placed after the domain identifier and separated from the
744 latter by the '/' character. A resource identifier can modify either
745 a address or a mere address. Typically a
746 resource identifier uniquely identifies a specific connection (e.g.,
747 a device or location) or object (e.g., a participant in a multi-user
748 conference room) belonging to the entity associated with an XMPP node
749 identifier at a local domain.
751 When an XMPP address does not include a resource identifier (i.e.,
752 when it is of the form or ), it is referred to
753 as a BARE JID. When an XMPP address includes a resource identifier
754 (i.e., when it is of the form or
755 ), is referred to as a FULL JID.
757 A resource identifier MUST be formatted such that the Resourceprep
758 profile of [STRINGPREP] can be applied without failing (see
759 Appendix B). Before comparing two resource identifiers, an
760 application MUST first ensure that the Resourceprep profile has been
761 applied to each identifier (the profile need not be applied each time
762 a comparison is made, as long as it has been applied before
763 comparison).
765 Note: For historical reasons, the term "resource identifier" is
766 used in XMPP to refer to the optional portion of an XMPP address
767 that follows the domain identifier and the "/" separator
768 character; this use of the term "resource identifier" is not to be
769 confused with the meanings of "resource" and "identifier" provided
770 in Section 1.1 of [URI].
772 XMPP entities SHOULD consider resource identifiers to be opaque
773 strings and SHOULD NOT impute meaning to any given resource
774 identifier. In paticular, the use of the '/' character as a
775 separator between the domain identifier and the resource identifier
776 does not imply that resource identifiers are hierarchical in the say
777 that, say, HTTP addresses are hierarchical; thus for example an XMPP
778 address of the form does not identify a
779 resource "bar" that exists below a resource "foo" in a hierarchy of
780 resources associated with the entity "node@domain".
782 3.5. Determination of Addresses
784 After the parties to an XML stream have completed the appropriate
785 aspects of stream negotiation (typically SASL negotiation (Section 7)
786 and, if appropriate, resource binding (Section 8)) the receiving
787 entity for a stream MUST determine the initiating entity's JID.
789 For server-to-server communication, the initiating server's JID MUST
790 be the authorization identity (as defined by [SASL]), either (1) as
791 directly communicated by the initiating server during SASL
792 negotiation (Section 7) or (2) as derived by the receiving server
793 from the authentication identity if no authorization identity was
794 specified during SASL negotiation (Section 7). (For information
795 about the determination of addresses in the absence of SASL
796 negotiation when the older server dialback protocol is used, see
797 [XEP-0220].)
799 For client-to-server communication, the client's bare JID
800 () MUST be the authorization identity (as defined by
801 [SASL]), either (1) as directly communicated by the client during
802 SASL negotiation (Section 7) or (2) as derived by the server from the
803 authentication identity if no authorization identity was specified
804 during SASL negotiation (Section 7). The resource identifier portion
805 of the full JID () MUST be the resource
806 identifier negotiated by the client and server during resource
807 binding (Section 8).
809 The receiving entity MUST ensure that the resulting JID (including
810 node identifier, domain identifier, resource identifier, and
811 separator characters) conforms to the rules and formats defined
812 earlier in this section; to meet this restriction, the receiving
813 entity MAY replace the JID sent by the initiating entity with the
814 canonicalized JID as determined by the receiving entity.
816 4. TCP Binding
818 4.1. Scope
820 As XMPP is defined in this specification, an initiating entity
821 (client or server) MUST open a Transmission Control Protocol [TCP]
822 connection at the receiving entity (server) before it negotiates XML
823 streams with the receiving entity. The rules specified in the
824 following sections apply to the TCP binding.
826 4.2. Hostname Resolution
828 Before opening the TCP connection, the initiating entity first MUST
829 resolve the Domain Name System (DNS) hostname associated with the
830 receiving entity and determine the appropriate TCP port for
831 communication with the receiving entity. The process is:
833 1. Attempt to resolve the hostname using (a) a [DNS-SRV] Service of
834 "xmpp-client" (for client-to-server connections) or "xmpp-server"
835 (for server-to-server connections) and (b) a Proto of "tcp",
836 resulting in resource records such as "_xmpp-
837 client._tcp.example.net." or "_xmpp-server._tcp.im.example.com.".
838 The result of the SRV lookup will be one or more combinations of
839 a port and hostname, which hostnames the initiating entity MUST
840 resolve according to returned SRV record weight (if the result of
841 the SRV lookup is a single RR with a Target of ".", i.e. the root
842 domain, the initiating entity MUST abort SRV processing but
843 SHOULD attempt a fallback resolution as described below). The
844 initiating entity uses the IP address(es) from the first
845 successfully resolved hostname (with the corresponding port
846 number returned by the SRV lookup) in order to connect to the
847 receiving entity. If the initiating entity fails to connect
848 using one of the IP addresses, the initiating entity uses the
849 next resolved IP address to connect. If the initiating entity
850 fails to connect using all resolved IP addresses, then the
851 initiating entity repeats the process of resolution and
852 connection for the next hostname returned by the SRV lookup.
853 2. If the SRV lookup aborts or fails, the fallback SHOULD be a
854 normal IPv4 or IPv6 address record resolution to determine the IP
855 address, where the port used is the "xmpp-client" port of 5222
856 for client-to-server connections or the "xmpp-server" port 5269
857 for server-to-server connections.
858 3. For client-to-server connections, the fallback MAY be a [DNS-TXT]
859 lookup for alternative connection methods, for example as
860 described in [XEP-0156].
862 Note: If the initiating entity has been explicitly configured to
863 associate a particular hostname (and potentially port) with the
864 original hostname of the receiving entity (say, to "hardcode" an
865 association between an original hostname of example.net and a
866 configured hostname and of webcm.example.com:80), the initiating
867 entity SHALL use the configured name instead of performing the
868 foregoing resolution process on the original name.
870 Note: Many XMPP servers are implemented in such a way that they
871 can host additional services (beyond those defined in this
872 specification and [XMPP-IM]) at hostnames that are subdomains of
873 the hostname of the main XMPP service (e.g.,
874 conference.example.net for a [XEP-0045] service associated with
875 the example.net XMPP service) or subdomains of the first-level
876 domain of the underlying host (e.g., muc.example.com for a
877 [XEP-0045] service associated with the im.example.com XMPP
878 service). If an entity from a remote domain wishes to use such
879 additional services, it would generate an appropriate XML stanza
880 and the remote domain itself would attempt to resolve the
881 service's hostname via an SRV lookup on resource records such as
882 "_xmpp-server._tcp.conference.example.net." or "_xmpp-
883 server._tcp.muc.example.com.". Therefore if a service wishes to
884 enable entities from remote domains to access these additional
885 services, it needs to advertise the appropriate "_xmpp-server" SRV
886 records in addition to the "_xmpp-server" record for its main XMPP
887 service.
889 4.3. Client-to-Server Communication
891 Because a client is subordinate to a server and therefore a client
892 authenticates to the server but the server does not necessarily
893 authenticate to the client, it is necessary to have only one TCP
894 connection between client and server. Thus the server MUST allow the
895 client to share a single TCP connection for XML stanzas sent from
896 client to server and from server to client (i.e., the inital stream
897 and response stream as specified under Section 5).
899 4.4. Server-to-Server Communication
901 Because two servers are peers and therefore each peer MUST
902 authenticate with the other, the servers MUST use two TCP
903 connections: one for XML stanzas sent from the first server to the
904 second server and another (initiated by the second server) for XML
905 stanzas from the second server to the first server.
907 This rule applies only to XML stanzas (Section 9). Therefore during
908 STARTTLS negotiation (Section 6) and SASL negotiation (Section 7) the
909 servers would use one TCP connection, but after stream setup that TCP
910 connection would be used only for the initiating server to send XML
911 stanzas to the receiving server. In order for the receiving server
912 to send XML stanzas to the initiating server, the receiving server
913 would need to reverse the roles and negotiate an XML stream from the
914 receiving server to the initiating server.
916 4.5. Reconnection
918 It can happen that an XMPP server goes offline while servicing TCP
919 connections from local clients and from other servers. Because the
920 number of such connections can be quite large, the reconnection
921 algorithm employed by entities that seek to reconnect can have a
922 significant impact on software and network performance. The
923 following guidelines are RECOMMENDED:
925 o The time to live (TTL) specified in Domain Name System records
926 MUST be honored, even if DNS results are cached; if the TTL has
927 not expired, an entity that seeks to reconnect MUST NOT re-resolve
928 the server hostname before reconnecting.
929 o The time that expires before an entity first seeks to reconnect
930 MUST be randomized (e.g., so that all clients do not attempt to
931 reconnect exactly 30 seconds after being disconnected).
932 o If the first reconnection attempt does not succeed, an entity MUST
933 back off increasingly on the time between subsequent reconnection
934 attempts.
936 Note: Because it is possible that a disconnected entity cannot
937 determine the cause of disconnection (e.g., because there was no
938 explicit stream error) or does not require a new stream for
939 immediate communication (e.g., because the stream was idle and
940 therefore timed out), it SHOULD NOT assume that is needs to
941 reconnect immediately.
943 4.6. Other Bindings
945 There is no necessary coupling of an XML stream to a TCP connection.
946 For example, two entities could connect to each other via another
947 transport, such as [HTTP] as specified in [XEP-0124] and [XEP-0206].
948 Although this specification neither encourages nor discourages other
949 bindings, it defines only a binding of XMPP to TCP.
951 5. XML Streams
953 5.1. Overview
955 Two fundamental concepts make possible the rapid, asynchronous
956 exchange of relatively small payloads of structured information
957 between presence-aware entities: XML streams and XML stanzas. These
958 terms are defined as follows.
960 Definition of XML Stream: An XML STREAM is a container for the
961 exchange of XML elements between any two entities over a network.
962 The start of an XML stream is denoted unambiguously by an opening
963 STREAM HEADER (i.e., an XML tag with appropriate
964 attributes and namespace declarations), while the end of the XML
965 stream is denoted unambiguously by a closing XML tag.
966 During the life of the stream, the entity that initiated it can
967 send an unbounded number of XML elements over the stream, either
968 elements used to negotiate the stream (e.g., to complete TLS
969 negotiation (Section 6) or SASL negotiation (Section 7)) or XML
970 stanzas. The INITIAL STREAM is negotiated from the initiating
971 entity (typically a client or server) to the receiving entity
972 (typically a server), and can be seen as corresponding to the
973 initiating entity's "connection" or "session" with the receiving
974 entity. The initial stream enables unidirectional communication
975 from the initiating entity to the receiving entity; in order to
976 enable information exchange from the receiving entity to the
977 initiating entity, the receiving entity MUST negotiate a stream in
978 the opposite direction (the RESPONSE STREAM).
979 Definition of XML Stanza: An XML STANZA is a discrete semantic unit
980 of structured information that is sent from one entity to another
981 over an XML stream, and is the basic unit of meaning in XMPP. An
982 XML stanza exists at the direct child level of the root
983 element; the start of any XML stanza is denoted unambiguously by
984 the element start tag at depth=1 of the XML stream (e.g.,
985 ), and the end of any XML stanza is denoted
986 unambiguously by the corresponding close tag at depth=1 (e.g.,
987 ). The only XML stanzas defined herein are the
988 , , and elements qualified by the
989 default namespace for the stream, as described under Section 9;
990 for example, an XML element sent for the purpose of TLS
991 negotiation (Section 6) or SASL negotiation (Section 7) is not
992 considered to be an XML stanza, nor is a stream error or a stream
993 feature. An XML stanza MAY contain child elements (with
994 accompanying attributes, elements, and XML character data) as
995 necessary in order to convey the desired information, which MAY be
996 qualified by any XML namespace (see [XML-NAMES] as well as
997 Section 9.4 herein).
999 Consider the example of a client's connection to a server. In order
1000 to connect to a server, a client initiates an XML stream by sending a
1001 stream header to the server, optionally preceded by a text
1002 declaration specifying the XML version and the character encoding
1003 supported (see Section 12.5 and Section 12.6). Subject to local
1004 policies and service provisioning, the server then replies with a
1005 second XML stream back to the client, again optionally preceded by a
1006 text declaration. Once the client has completed SASL negotiation
1007 (Section 7) and resource binding (Section 8), the client can send an
1008 unbounded number of XML stanzas over the stream. When the client
1009 desires to close the stream, it simply sends a closing tag
1010 to the server as further described under Section 5.7.
1012 In essence, then, an XML stream acts as an envelope for all the XML
1013 stanzas sent during a connection. We can represent this in a
1014 simplistic fashion as follows.
1016 +--------------------+
1017 | |
1018 |--------------------|
1019 | |
1020 | |
1021 | |
1022 |--------------------|
1023 | |
1024 | |
1025 | |
1026 |--------------------|
1027 | |
1028 | |
1029 | |
1030 |--------------------|
1031 | |
1032 | |
1033 | |
1034 |--------------------|
1035 | [ ... ] |
1036 |--------------------|
1037 | |
1038 +--------------------+
1040 Note: Those who are accustomed to thinking of XML in a document-
1041 centric manner might view a client's connection to a server as
1042 consisting of two open-ended XML documents: one from the client to
1043 the server and one from the server to the client. On this
1044 analogy, the two XML streams can be considered equivalent to two
1045 "documents" (matching production [1] content of [XML]) that are
1046 built up through the accumulation of XML stanzas, the root
1047 element can be considered equivalent to the "document
1048 entity" for each "document" (as described in Section 4.8 of
1049 [XML]), and the XML stanzas sent over the streams can be
1050 considered equivalent to "fragments" of the "documents" as
1051 described in [XML-FRAG]. However, this perspective is merely an
1052 analogy; XMPP does not deal in documents and fragments but in
1053 streams and stanzas.
1055 5.2. Stream Security
1057 For the purpose of stream security, both Transport Layer Security
1058 (see Section 6) and the Simple Authentication and Security Layer (see
1059 Section 7) are mandatory to implement. Use of these technologies
1060 results in high security as described under Section 15.1.
1062 The initial stream and the response stream MUST be secured
1063 separately, although security in both directions MAY be established
1064 via mechanisms that provide mutual authentication.
1066 The initiating entity MUST NOT attempt to send XML stanzas
1067 (Section 9) over the stream before the stream has been authenticated.
1068 However, if it does attempt to do so, the receiving entity MUST NOT
1069 accept such stanzas and MUST return a stream error.
1070 This rule applies to XML stanzas only (i.e., , ,
1071 and elements qualified by the default namespace) and not to XML
1072 elements used for stream negotiation (e.g., elements used to complete
1073 TLS negotiation (Section 6) or SASL negotiation (Section 7)).
1075 5.3. Stream Attributes
1077 The attributes of the root element are defined in the
1078 following sections.
1080 Note: The attributes of the root element are not
1081 prepended by a 'stream:' prefix because, as explained in
1082 [XML-NAMES], "[d]efault namespace declarations do not apply
1083 directly to attribute names; the interpretation of unprefixed
1084 attributes is determined by the element on which they appear."
1086 5.3.1. from
1088 The 'from' attribute communicates an XMPP identity of the entity
1089 sending the stream element.
1091 Note: It is possible for an entity to have more than one XMPP
1092 identity (e.g., in the case of a server that provides virtual
1093 hosting). It is also possible that an entity does not know the
1094 XMPP identity of the principal controlling the entity (e.g.,
1095 because the XMPP identity is assigned at a level other than the
1096 XMPP application layer, as in the General Security Service
1097 Application Program Interface [GSS-API]).
1099 For initial stream headers in client-to-server communication, if the
1100 client knows the XMPP identity of the principal controlling the
1101 client (typically an account name of the form ), then it
1102 MUST include the 'from' attribute and MUST set its value to that
1103 identity. If the client does not know the XMPP identity of the
1104 principal controlling the client, then it MUST NOT include the 'from'
1105 attribute.
1107 I:
1108
1116 For initial stream headers in server-to-server communication, a
1117 server MUST include the 'from' attribute and MUST set its value to a
1118 hostname serviced by the initiating entity.
1120 I:
1121
1129 For response stream headers in both client-to-server and server-to-
1130 server communication, the receiving entity MUST include the 'from'
1131 attribute and MUST set its value to a hostname serviced by the
1132 receiving entity (which MAY be a hostname other than that specified
1133 in the 'to' attribute of the initial stream header).
1135 R:
1136
1145 Whether or not the 'from' attribute is included, each entity MUST
1146 verify the identity of the other entity before exchanging XML stanzas
1147 with it (see Section 15.3 and Section 15.4).
1149 Note: It is possible that implementations based on an earlier
1150 revision of this specification will not include the 'from' address
1151 on stream headers; an entity SHOULD be liberal in accepting such
1152 stream headers.
1154 5.3.2. to
1156 For initial stream headers in both client-to-server and server-to-
1157 server communication, the initiating entity MUST include the 'to'
1158 attribute and MUST set its value to a hostname that the initiating
1159 entity knows or expects the receiving entity to service.
1161 I:
1162
1170 For response stream headers in client-to-server communication, if the
1171 client included a 'from' attribute in the initial stream header then
1172 the server MUST include a 'to' attribute in the response stream
1173 header and MUST set its value to the bare JID specified in the 'from'
1174 attribute of the initial stream header. If the client did not
1175 include a 'from' attribute in the initial stream header then the
1176 server MUST NOT include a 'to' attribute in the response stream
1177 header.
1179 R:
1180
1189 For response stream headers in server-to-server communication, the
1190 receiving entity MUST include a 'to' attribute in the response stream
1191 header and MUST set its value to the hostname specified in the 'from'
1192 attribute of the initial stream header.
1194 R:
1195
1204 Whether or not the 'to' attribute is included, each entity MUST
1205 verify the identity of the other entity before exchanging XML stanzas
1206 with it (see Section 15.3 and Section 15.4).
1208 Note: It is possible that implementations based on an earlier
1209 revision of this specification will not include the 'from' address
1210 on stream headers; an entity SHOULD be liberal in accepting such
1211 stream headers.
1213 5.3.3. id
1215 The 'id' attribute communicates a unique identifier for the stream.
1216 This identifier is called a STREAM ID. The stream ID MUST be
1217 generated by the receiving entity when it sends a response stream
1218 header, MUST BE unique within the receiving application (normally a
1219 server), and MUST be both unpredictable and nonrepeating because it
1220 can be security-critical (see [RANDOM] for recommendations regarding
1221 randomness for security purposes).
1223 For initial stream headers, the initiating entity MUST NOT include
1224 the 'id' attribute; however, if the 'id' attribute is included, the
1225 receiving entity MUST silently ignore it.
1227 For response stream headers, the receiving entity MUST include the
1228 'id' attribute.
1230 R:
1231
1240 5.3.4. xml:lang
1242 The 'xml:lang' attribute communicates an entity's preferred or
1243 default language for any human-readable XML character data to be sent
1244 over the stream. The syntax of this attribute is defined in Section
1245 2.12 of [XML]; in particular, the value of the 'xml:lang' attribute
1246 MUST conform to the NMTOKEN datatype (as defined in Section 2.3 of
1247 [XML]) and MUST conform to the language identifier format defined in
1248 [LANGTAGS].
1250 For initial stream headers, the initiating entity SHOULD include the
1251 'xml:lang' attribute.
1253 I:
1254
1262 For response stream headers, the receiving entity MUST include the
1263 'xml:lang' attribute. If the initiating entity included an 'xml:
1264 lang' attribute in its initial stream header and the receiving entity
1265 supports that language in the human-readable XML character data that
1266 it generates and sends to the initiating entity (e.g., in the
1267 element for stream and stanza errors), the value of the 'xml:lang'
1268 attribute MUST be identifier for the initiating entity's preferred
1269 language; if the receiving entity supports a language that closely
1270 matches the initiating entity's preferred language (e.g., "de"
1271 instead of "de-CH"), then the value of the 'xml:lang' attribute
1272 SHOULD be the identifier for the matching language but MAY be the
1273 identifier for the default language of the receiving entity; if the
1274 receiving entity does not support the initiating entity's preferred
1275 language or a closely matching language (or the initiating entity did
1276 not include the 'xml:lang' attribute in its initial stream header),
1277 then the value of the 'xml:lang' attribute MUST be the identifier for
1278 the default language of the receiving entity.
1280 R:
1281
1290 If the initiating entity included the 'xml:lang' attribute in its
1291 initial stream header, the receiving entity SHOULD remember that
1292 value as the default xml:lang for all stanzas sent by the initiating
1293 entity. As described under Section 9.1.5, the initiating entity MAY
1294 include the 'xml:lang' attribute in any XML stanzas it sends over the
1295 stream. If the initiating entity does not include the 'xml:lang'
1296 attribute in any such stanza, the receiving entity SHOULD add the
1297 'xml:lang' attribute to the stanza, whose value MUST be the
1298 identifier for the language preferred by the initiating entity (even
1299 if the receiving entity does not support that language for human-
1300 readable XML character data it generates and sends to the initiating
1301 entity, such as in stream or stanza errors). If the initiating
1302 entity includes the 'xml:lang' attribute in any such stanza, the
1303 receiving entity MUST NOT modify or delete it.
1305 5.3.5. version
1307 The inclusion of the version attribute set to a value of at least
1308 "1.0" signals support for the stream-related protocols defined in
1309 this specification, including (TLS negotiation (Section 6), SASL
1310 negotiation (Section 7), Section 5.5, and stream errors
1311 (Section 5.8).
1313 The version of XMPP specified herein is "1.0"; in particular, XMPP
1314 1.0 encapsulates the stream-related protocols as well as the basic
1315 semantics of the three defined XML stanza types ( ,
1316 , and ).
1318 The numbering scheme for XMPP versions is ".". The
1319 major and minor numbers MUST be treated as separate integers and each
1320 number MAY be incremented higher than a single digit. Thus, "XMPP
1321 2.4" would be a lower version than "XMPP 2.13", which in turn would
1322 be lower than "XMPP 12.3". Leading zeros (e.g., "XMPP 6.01") MUST be
1323 ignored by recipients and MUST NOT be sent.
1325 The major version number will be incremented only if the stream and
1326 stanza formats or required actions have changed so dramatically that
1327 an older version entity would not be able to interoperate with a
1328 newer version entity if it simply ignored the elements and attributes
1329 it did not understand and took the actions specified in the older
1330 specification.
1332 The minor version number will be incremented only if significant new
1333 capabilities have been added to the core protocol (e.g., a newly
1334 defined value of the 'type' attribute for message, presence, or IQ
1335 stanzas). The minor version number MUST be ignored by an entity with
1336 a smaller minor version number, but MAY be used for informational
1337 purposes by the entity with the larger minor version number (e.g.,
1338 the entity with the larger minor version number would simply note
1339 that its correspondent would not be able to understand that value of
1340 the 'type' attribute and therefore would not send it).
1342 The following rules apply to the generation and handling of the
1343 'version' attribute within stream headers:
1345 1. The initiating entity MUST set the value of the 'version'
1346 attribute in the initial stream header to the highest version
1347 number it supports (e.g., if the highest version number it
1348 supports is that defined in this specification, it MUST set the
1349 value to "1.0").
1350 2. The receiving entity MUST set the value of the 'version'
1351 attribute in the response stream header to either the value
1352 supplied by the initiating entity or the highest version number
1353 supported by the receiving entity, whichever is lower. The
1354 receiving entity MUST perform a numeric comparison on the major
1355 and minor version numbers, not a string match on
1356 ".".
1357 3. If the version number included in the response stream header is
1358 at least one major version lower than the version number included
1359 in the initial stream header and newer version entities cannot
1360 interoperate with older version entities as described, the
1361 initiating entity SHOULD generate an
1362 stream error.
1363 4. If either entity receives a stream header with no 'version'
1364 attribute, the entity MUST consider the version supported by the
1365 other entity to be "0.9" and SHOULD NOT include a 'version'
1366 attribute in the response stream header.
1368 5.3.6. Summary of Stream Attributes
1370 The following table summarizes the attributes of the root
1371 element.
1373 +----------+--------------------------+-------------------------+
1374 | | initiating to receiving | receiving to initiating |
1375 +----------+--------------------------+-------------------------+
1376 | to | JID of receiver | JID of initiator |
1377 | from | JID of initiator | JID of receiver |
1378 | id | silently ignored | stream identifier |
1379 | xml:lang | default language | default language |
1380 | version | XMPP 1.0+ supported | XMPP 1.0+ supported |
1381 +----------+--------------------------+-------------------------+
1383 5.4. Namespace Declarations
1385 The stream element MUST possess both a streams namespace declaration
1386 and a default namespace declaration (as "namespace declaration" is
1387 defined in [XML-NAMES]). For detailed information regarding the
1388 streams namespace and default namespace, see Section 12.2.
1390 5.5. Stream Features
1392 If the initiating entity includes the 'version' attribute set to a
1393 value of at least "1.0" in the initial stream header, after sending
1394 the response stream header the receiving entity MUST send a
1395 child element (prefixed by the streams namespace prefix)
1396 to the initiating entity in order to announce any stream-level
1397 features that can be negotiated or capabilities that otherwise need
1398 to be advertised.
1400 R:
1401
1409 R:
1410
1411
1412
1413
1415 Stream features are used mainly to advertise TLS negotiation
1416 (Section 6), SASL negotiation (Section 7), and resource binding
1417 (Section 8); however, stream features also can be used to advertise
1418 features associated with various XMPP extensions.
1420 If it is mandatory for a feature to be successfully negotiated before
1421 the initiating entity will be allowed to proceed with the sending of
1422 XML stanzas or with further steps of the stream negotiation, the
1423 advertisement of that feature SHOULD include an empty
1424 child element but MAY include neither a element not an
1425 element (i.e., features default to required).
1427 R:
1428
1429
1430
1431
1433 If successful negotiation of a feature is discretionary, the
1434 advertisement of that feature MUST include an empty child
1435 element.
1437 R:
1438
1439
1440
1441
1443 If an entity does not understand or support a feature that has been
1444 advertised, it MUST still inspect the feature advertisement to
1445 determine if negotiation of the feature is mandatory. If negotiation
1446 of an unsupported feature is mandatory (as determined by inclusion of
1447 the child element or the absence of an child
1448 element), then the entity MUST abort the stream negotiation process.
1449 If negotiation of an unsupported feature is discretionary (as
1450 determined by inclusion of the child element or the
1451 absence of a child element), the entity MUST silently ignore the
1452 associated feature advertisement and proceed with the stream
1453 negotiation process.
1455 Note: Implementations based on an earlier revision of this
1456 specification do not include the child element and
1457 they include the child element only in the case of the
1458 STARTTLS feature. Entities MUST accept stream feature
1459 advertisements without the child elements, and SHOULD consider
1460 consider negotiation of such features to be discretionary.
1462 If it is necessary for a feature to be successfully negotiated before
1463 the initiating entity is allowed to proceed with the sending a non-
1464 security-related feature or with further steps of the stream
1465 negotiation, the receiving entity SHOULD NOT advertise any other
1466 stream features until the mandatory feature has been successfully
1467 negotiated; however, if the mandatory feature is security-critical
1468 (e.g., STARTTLS or SASL) then the receiving entity MUST NOT advertise
1469 any other stream features until the security-critical feature has
1470 been successfully negotiated.
1472 The order of child elements contained in any given
1473 element is not significant.
1475 After completing negotiation of any stream feature (even stream
1476 features that do not require a stream restart), the receiving entity
1477 MUST send an updated list of stream features to the initiating
1478 entity. However, if there are no features to be advertised then the
1479 receiving entity MUST send an empty element.
1481 R:
1482
1491 R:
1493 At any time after stream establishment, the receiving entity MAY send
1494 additional or modified stream feature advertisements (e.g., because a
1495 new feature has been enabled).
1497 5.6. Restarts During Stream Negotiation
1499 Certain stream features require the initiating entity to send a new
1500 initial stream header on successful negotiation of the feature (e.g.,
1501 after successful negotiation of TLS or SASL). Both parties MUST
1502 consider the previous stream to be replaced on successful feature
1503 negotiation but MUST NOT terminate the underlying TCP connection;
1504 instead, the parties MUST reuse the existing connection, which might
1505 be in a new state (e.g., encrypted as a result of TLS negotiation).
1506 When the receiving entity receives the new initial stream header, it
1507 MUST generate a new stream ID (instead of re-using the old stream ID)
1508 before sending a new response stream header.
1510 5.7. Closing a Stream
1512 An XML stream between two entities can be closed because a stream
1513 error has occurred or in some cases in the absence of an error.
1514 Where feasible, it is preferable to close a stream only if a stream
1515 error has occurred.
1517 A stream is closed by sending a closing tag over the TCP
1518 connection.
1520 S:
1522 After an entity sends a closing stream tag, it MUST NOT send further
1523 data over that stream.
1525 5.7.1. With Stream Error
1527 If a stream error has occurred, the entity that detects the error
1528 MUST close the stream as described under Section 5.8.1.
1530 5.7.2. Without Stream Error
1532 At any time after XML streams have been negotiated between two
1533 entities, either entity MAY close its stream to the other party in
1534 the absence of a stream error by sending a closing stream tag.
1536 P:
1538 The entity that sends the closing stream tag SHOULD wait for the
1539 other party to also close its stream.
1541 S:
1543 However, the entity that sends the first closing stream tag MAY
1544 consider both streams to be void if the other party does not send its
1545 closing stream tag within a reasonable amount of time (where the
1546 definition of "reasonable" is a matter of implementation or
1547 deployment).
1549 After the entity that sent the first closing stream tag receives a
1550 reciprocal closing stream tag from the other party (or if it
1551 considers the stream to be void after a reasonable amount of time),
1552 it MUST terminate the underlying TCP connection or connections.
1554 5.7.3. Handling of Idle Streams
1556 An XML stream can become idle, i.e., neither entity has sent XMPP
1557 traffic over the stream for some period of time. A server MAY close
1558 an idle stream with a local client or remote server, preferably
1559 through use of the stream error. The idle
1560 timeout period is a matter of implementation and local service
1561 policy; however, it is RECOMMENDED to be liberal in accepting idle
1562 streams, since experience has shown that doing so improves the
1563 reliability of communications over XMPP networks. In particular, it
1564 is typically more efficient to maintain a stream between two servers
1565 than it is to aggressively timeout such a stream, especially with
1566 regard to synchronization of presence information as described in
1567 [XMPP-IM]; therefore it is RECOMMENDED to maintain such a stream
1568 since experience has shown that server-to-server streams are cyclical
1569 and typically need to be re-established every 24 to 48 hours if they
1570 are timed out.
1572 An XML stream can appear idle at the XMPP level because the undelying
1573 TCP connection has become idle (e.g., a client's network connection
1574 has been lost). The typical method for detecting an idle TCP
1575 connection is to send a space character (U+0020) over the TCP
1576 connection between XML stanzas, which is allowed for XML streams as
1577 described under Section 12.7. The sending of such a space character
1578 is called a WHITESPACE PING. The time between such whitespace pings
1579 is a matter of implementation and local service policy; however, it
1580 is RECOMMENDED that these pings be sent not more than once every 60
1581 seconds.
1583 5.8. Stream Errors
1585 The root stream element MAY contain an child element that is
1586 prefixed by the streams namespace prefix. The error child shall be
1587 sent by a compliant entity if it perceives that a stream-level error
1588 has occurred.
1590 5.8.1. Rules
1592 The following rules apply to stream-level errors.
1594 5.8.1.1. Stream Errors Are Unrecoverable
1596 Stream-level errors are unrecoverable. Therefore, if an error occurs
1597 at the level of the stream, the entity that detects the error MUST
1598 send a element with an appropriate child element that
1599 specifies the error condition and at the same time send a closing
1600 tag.
1602 C:
1604 S:
1605
1607
1608
1610 The entity that generates the stream error then SHOULD immediately
1611 terminate the underlying TCP connection, although it MAY wait until
1612 after it receives a closing tag from the entity to which it
1613 sent the stream error.
1615 C:
1617 5.8.1.2. Stream Errors Can Occur During Setup
1619 If the error is triggered by the initial stream header, the receiving
1620 entity MUST still send the opening tag, include the
1621 element as a child of the stream element, and send the closing
1622 tag (preferably all at the same time).
1624 C:
1625
1633 S:
1634
1643
1645
1646
1648 5.8.1.3. Stream Errors When the Host is Unspecified or Unknown
1650 If the initiating entity provides no 'to' attribute or provides an
1651 unknown host in the 'to' attribute and the error occurs during stream
1652 setup, the receiving entity MUST provide an authoritative hostname in
1653 the 'from' attribute of the stream header sent before termination.
1655 C:
1656
1664 S:
1665
1673
1674
1676
1677
1679 5.8.2. Syntax
1681 The syntax for stream errors is as follows, where "defined-condition"
1682 is a placeholder for one of the conditions defined under
1683 Section 5.8.3.
1685
1686
1687 [
1689 [ ... descriptive text ... ]
1690 ]
1691 [application-specific condition element]
1692
1694 The element:
1696 o MUST contain a child element corresponding to one of the defined
1697 stream error conditions (Section 5.8.3); this element MUST be
1698 qualified by the 'urn:ietf:params:xml:ns:xmpp-streams' namespace.
1699 o MAY contain a child element containing XML character data
1700 that describes the error in more detail; this element MUST be
1701 qualified by the 'urn:ietf:params:xml:ns:xmpp-streams' namespace
1702 and SHOULD possess an 'xml:lang' attribute specifying the natural
1703 language of the XML character data.
1704 o MAY contain a child element for an application-specific error
1705 condition; this element MUST be qualified by an application-
1706 defined namespace, and its structure is defined by that namespace
1707 (see Section 5.8.4).
1709 The element is OPTIONAL. If included, it MUST be used only
1710 to provide descriptive or diagnostic information that supplements the
1711 meaning of a defined condition or application-specific condition. It
1712 MUST NOT be interpreted programmatically by an application. It MUST
1713 NOT be used as the error message presented to a human user, but MAY
1714 be shown in addition to the error message associated with the defined
1715 condition element (and, optionally, the application-specific
1716 condition element).
1718 5.8.3. Defined Stream Error Conditions
1720 The following stream-level error conditions are defined.
1722 5.8.3.1. bad-format
1724 The entity has sent XML that cannot be processed.
1726 (In the following example, the client sends an XMPP message that is
1727 not well-formed XML.)
1729 C:
1730 No closing body tag!
1731
1733 S:
1734
1736
1737
1739 This error MAY be used instead of the more specific XML-related
1740 errors, such as , , , , and . However,
1742 the more specific errors are RECOMMENDED.
1744 5.8.3.2. bad-namespace-prefix
1746 The entity has sent a namespace prefix that is unsupported, or has
1747 sent no namespace prefix on an element that requires such a prefix
1748 (see Section 12.2).
1750 (In the following example, the client specifies a namespace prefix of
1751 "foobar" for the XML streams namespace.)
1753 C:
1754
1761 S:
1762
1770
1771
1773
1774
1776 5.8.3.3. conflict
1778 The server is either (1) closing the existing stream for this entity
1779 because a new stream has been initiated that conflicts with the
1780 existing stream, or (2) is refusing a new stream for this entity
1781 because allowing the new stream would conflict with an existing
1782 stream (e.g., because the server allows only a certain number of
1783 connections from the same IP address).
1785 C:
1786
1793 S:
1794
1802
1803
1805
1806
1808 5.8.3.4. connection-timeout
1810 The entity has not generated any traffic over the stream for some
1811 period of time (configurable according to a local service policy) and
1812 therefore the connection is being dropped.
1814 P:
1815
1817
1818
1820 5.8.3.5. host-gone
1822 The value of the 'to' attribute provided in the initial stream header
1823 corresponds to a hostname that is no longer serviced by the receiving
1824 entity.
1826 (In the following example, the peer specifies a 'to' address of
1827 "foo.im.example.com" when connecting to the "im.example.com" server,
1828 but the server no longer hosts a service at that address.)
1829 P:
1830
1837 S:
1838
1846
1847
1849
1850
1852 5.8.3.6. host-unknown
1854 The value of the 'to' attribute provided in the initial stream header
1855 does not correspond to a hostname that is serviced by the receiving
1856 entity.
1858 (In the following example, the peer specifies a 'to' address of
1859 "example.org" when connecting to the "im.example.com" server, but the
1860 server knows nothing of that address.)
1861 P:
1862
1869 S:
1870
1878
1879
1881
1882
1884 5.8.3.7. improper-addressing
1886 A stanza sent between two servers lacks a 'to' or 'from' attribute,
1887 the 'from' or 'to' attribute has no value, or the value is not a
1888 valid XMPP address.
1890 (In the following example, the peer sends a stanza without a 'to'
1891 address.)
1893 P:
1894 Wherefore art thou?
1895
1897 S:
1898
1900
1901
1903 5.8.3.8. internal-server-error
1905 The server has experienced a misconfiguration or an otherwise-
1906 undefined internal error that prevents it from servicing the stream.
1908 S:
1909
1911
1912
1914 5.8.3.9. invalid-from
1916 The JID or hostname provided in a 'from' address is not a valid JID
1917 or does not match an authorized JID or validated domain as negotiated
1918 between servers via SASL or server dialback, or as negotiated between
1919 a client and a server via authentication and resource binding.
1921 (In the following example, a peer that has authenticated only as
1922 "example.net" attempts to send a stanza from an address at
1923 "example.org".)
1925 P:
1926 Neither, fair saint, if either thee dislike.
1927
1929 S:
1930
1932
1933
1935 5.8.3.10. invalid-id
1937 The stream ID or server dialback ID is invalid or does not match an
1938 ID previously provided.
1940 (In the following example, the server dialback ID is invalid; see
1941 [XEP-0220].)
1943 P:
1949 S:
1950
1952
1953
1955 5.8.3.11. invalid-namespace
1957 The streams namespace name is something other than
1958 "http://etherx.jabber.org/streams" (see Section 12.2) or the default
1959 namespace is not supported (e.g., something other than "jabber:
1960 client" or "jabber:server").
1962 (In the following example, the client specifies a streams namespace
1963 of 'http://wrong.namespace.example.org/'.)
1965 C:
1966
1973 S:
1974
1982
1983
1985
1986
1988 5.8.3.12. invalid-xml
1990 The entity has sent invalid XML over the stream to a server that
1991 performs validation (see Section 12.4).
1993 (In the following example, the peer attempts to send an IQ stanza of
1994 type "subscribe" but the XML schema defines no such value for the
1995 'type' attribute.)
1996 P:
2000
2001
2003 S:
2004
2006
2007
2009 5.8.3.13. not-authorized
2011 The entity has attempted to send XML stanzas before the stream has
2012 been authenticated, or otherwise is not authorized to perform an
2013 action related to stream negotiation; the receiving entity MUST NOT
2014 process the offending stanza before sending the stream error.
2016 (In the following example, the client attempts to send XML stanzas
2017 before authenticating with the server.)
2018 C:
2019
2026 S:
2027
2037 Wherefore art thou?
2038
2040 S:
2041
2043
2044
2046 5.8.3.14. policy-violation
2048 The entity has violated some local service policy (e.g., the stanza
2049 exceeds a configured size limit); the server MAY choose to specify
2050 the policy in the element or in an application-specific
2051 condition element.
2053 (In the following example, the client sends an XMPP message that is
2054 too large according to the server's local service policy.)
2056 C:
2057 [ ... the-emacs-manual ... ]
2058
2060 S:
2061
2063
2065 S:
2067 5.8.3.15. remote-connection-failed
2069 The server is unable to properly connect to a remote entity that is
2070 required for authentication or authorization, such as a remote
2071 authentication database or (in server dialback) the authoritative
2072 server.
2074 C:
2075
2082 S:
2083
2091
2092
2094
2095
2097 5.8.3.16. resource-constraint
2099 The server lacks the system resources necessary to service the
2100 stream.
2102 C:
2103
2110 S:
2111
2119
2120
2122
2123
2125 5.8.3.17. restricted-xml
2127 The entity has attempted to send restricted XML features such as a
2128 comment, processing instruction, DTD subset, or XML entity reference
2129 (see Section 12.1).
2131 (In the following example, the client sends an XMPP message
2132 containing an XML comment.)
2134 C:
2135
2136 This message has no subject.
2137
2139 S:
2140
2142
2143
2145 5.8.3.18. see-other-host
2147 The server will not provide service to the initiating entity but is
2148 redirecting traffic to another host; the XML character data of the
2149 element returned by the server SHOULD specify the
2150 alternate hostname or IP address at which to connect, which SHOULD be
2151 a valid domain identifier but MAY also include a port number; if no
2152 port is specified, the initiating entity SHOULD perform a [DNS-SRV]
2153 lookup on the provided domain identifier but MAY assume that it can
2154 connect to that domain identifier at the standard XMPP ports (i.e.,
2155 5222 for client-to-server connections and 5269 for server-to-server
2156 connections).
2158 C:
2159
2166 S:
2167
2175
2176
2178 im.example.com:9090
2179
2180
2181
2183 5.8.3.19. system-shutdown
2185 The server is being shut down and all active streams are being
2186 closed.
2188 S:
2189
2191
2192
2194 5.8.3.20. undefined-condition
2196 The error condition is not one of those defined by the other
2197 conditions in this list; this error condition SHOULD be used only in
2198 conjunction with an application-specific condition.
2200 S:
2201
2203
2204
2205
2207 5.8.3.21. unsupported-encoding
2209 The initiating entity has encoded the stream in an encoding that is
2210 not supported by the server (see Section 12.6) or has otherwise
2211 improperly encoded the stream (e.g., by violating the rules of the
2212 UTF-8 encoding).
2214 (In the following example, the client attempts to encode data using
2215 UTF-16 instead of UTF-8.)
2217 C:
2218
2225 S:
2226
2235
2237
2238
2240 5.8.3.22. unsupported-stanza-type
2242 The initiating entity has sent a first-level child of the stream that
2243 is not supported by the server or consistent with the default
2244 namespace.
2246 (In the following example, the client attempts to send an XML stanza
2247 of when the default namespace is "jabber:client".)
2249 C:
2250
2251 -
2252
2253 Soliloquy
2254
2255 To be, or not to be: that is the question:
2256 Whether 'tis nobler in the mind to suffer
2257 The slings and arrows of outrageous fortune,
2258 Or to take arms against a sea of troubles,
2259 And by opposing end them?
2260
2261
2263 tag:denmark.example,2003:entry-32397
2264 2003-12-13T18:30:02Z
2265 2003-12-13T18:30:02Z
2266
2267
2268
2269
2271 S:
2272
2274
2275
2277 5.8.3.23. unsupported-version
2279 The value of the 'version' attribute provided by the initiating
2280 entity in the stream header specifies a version of XMPP that is not
2281 supported by the server; the server MAY specify the version(s) it
2282 supports in the element.
2284 (In the following example, the client specifies an XMPP version of
2285 "11.0" but the server supports only version "1.0" and "1.1".)
2286 C:
2287
2294 S:
2295
2304
2306
2307 1.0, 1.1
2308
2309
2310
2312 5.8.3.24. xml-not-well-formed
2314 The initiating entity has sent XML that violates the well-formedness
2315 rules of [XML] or [XML-NAMES].
2317 (In the following example, the client sends an XMPP message that is
2318 not well-formed XML.)
2320 C:
2321 No closing body tag!
2322
2324 S:
2325
2327
2328
2330 5.8.4. Application-Specific Conditions
2332 As noted, an application MAY provide application-specific stream
2333 error information by including a properly-namespaced child in the
2334 error element. The application-specific element SHOULD supplement or
2335 further qualify a defined element. Thus the element will
2336 contain two or three child elements.
2338 C:
2339
2340 My keyboard layout is:
2342 QWERTYUIOP{}|
2343 ASDFGHJKL:"
2344 ZXCVBNM<>?
2345
2346
2348 S:
2349
2351
2352 Some special application diagnostic information!
2353
2354
2355
2356
2358 5.9. Simplified Stream Examples
2360 This section contains two simplified examples of a stream-based
2361 connection between a client and a server; these examples are included
2362 for the purpose of illustrating the concepts introduced thus far.
2364 A basic connection:
2366 C:
2367
2376
2385 [ ... channel encryption ... ]
2387 [ ... authentication ... ]
2389 [ ... resource binding ... ]
2391 C:
2394 Art thou not Romeo, and a Montague?
2395
2397 S:
2400 Neither, fair saint, if either thee dislike.
2401
2403 C:
2405 S:
2406 A connection gone bad:
2408 C:
2409
2417 S:
2418
2427 [ ... channel encryption ... ]
2429 [ ... authentication ... ]
2431 [ ... resource binding ... ]
2433 C:
2436 No closing body tag!
2437
2439 S:
2440
2442
2443
2445 More detailed examples are provided under Section 10.
2447 6. STARTTLS Negotiation
2448 6.1. Overview
2450 XMPP includes a method for securing the stream from tampering and
2451 eavesdropping. This channel encryption method makes use of the
2452 Transport Layer Security [TLS] protocol, specifically a "STARTTLS"
2453 extension that is modelled after similar extensions for the [IMAP],
2454 [POP3], and [ACAP] protocols as described in [USINGTLS]. The XML
2455 namespace name for the STARTTLS extension is
2456 'urn:ietf:params:xml:ns:xmpp-tls'.
2458 Support for STARTTLS is REQUIRED in XMPP client and server
2459 implementations. An administrator of a given deployment MAY require
2460 the use of TLS for client-to-server communication, server-to-server
2461 communication, or both. A deployed client SHOULD use TLS to secure
2462 its stream with a server prior to attempting the completion of SASL
2463 negotiation (Section 7), and deployed servers SHOULD use TLS between
2464 two domains for the purpose of securing server-to-server
2465 communication.
2467 6.2. Rules
2469 6.2.1. Data Formatting
2471 During STARTTLS negotiation, the entities MUST NOT send any
2472 whitespace within the root stream element as separators between XML
2473 elements (i.e., from the last character of the element
2474 qualified by the 'urn:ietf:params:xml:ns:xmpp-tls' namespace at
2475 depth=1 of the stream as sent by the initiating entity until the last
2476 character of the element qualified by the
2477 'urn:ietf:params:xml:ns:xmpp-tls' namespace at depth=1 of the stream
2478 as sent by the receiving entity). This prohibition helps to ensure
2479 proper security layer byte precision. Any such whitespace shown in
2480 the STARTTLS examples provided in this document is included only for
2481 the sake of readability.
2483 6.2.2. Order of Negotiation
2485 If the initiating entity chooses to use TLS, STARTTLS negotiation
2486 MUST be completed before proceeding to SASL negotiation (Section 7);
2487 this order of negotiation is required to help safeguard
2488 authentication information sent during SASL negotiation, as well as
2489 to make it possible to base the use of the SASL EXTERNAL mechanism on
2490 a certificate (or other credentials) provided during prior TLS
2491 negotiation.
2493 6.3. Process
2495 6.3.1. Exchange of Stream Headers and Stream Features
2497 The initiating entity resolves the hostname of the receiving entity
2498 as specified under Section 4, opens a TCP connection to the
2499 advertised port at the resolved IP address, and sends an initial
2500 stream header to the receiving entity; if the initiating entity is
2501 capable of STARTTLS negotiation, it MUST include the 'version'
2502 attribute set to a value of at least "1.0" in the initial stream
2503 header.
2505 I:
2513 The receiving entity MUST send a response stream header to the
2514 initiating entity over the TCP connection opened by the initiating
2515 entity; if the receiving entity is capable of STARTTLS negotiation,
2516 it MUST include the 'version' attribute set to a value of at least
2517 "1.0" in the response stream header.
2519 R: element qualified by the
2532 'urn:ietf:params:xml:ns:xmpp-tls' namespace.
2534 If the receiving entity considers STARTTLS negotiation to be
2535 discretionary, the element MUST contain an empty
2536 child element.
2538 R:
2539
2540
2541
2542
2544 If the receiving entity considers STARTTLS negotiation to be
2545 mandatory, the element MUST contain an empty
2546 child element.
2548 R:
2549
2550
2551
2552
2554 6.3.2. Initiation of STARTTLS Negotiation
2556 6.3.2.1. STARTTLS Command
2558 In order to begin the STARTTLS negotiation, the initiating entity
2559 issues the STARTTLS command (i.e., a element qualified by
2560 the 'urn:ietf:params:xml:ns:xmpp-tls' namespace) to instruct the
2561 receiving entity that it wishes to begin a STARTTLS negotiation to
2562 secure the stream.
2564 I:
2566 The receiving entity MUST reply with either a element
2567 (proceed case) or a element (failure case) qualified by
2568 the 'urn:ietf:params:xml:ns:xmpp-tls' namespace.
2570 6.3.2.2. Failure Case
2572 If the failure case occurs, the receiving entity MUST return a
2573 element qualified by the 'urn:ietf:params:xml:ns:xmpp-tls'
2574 namespace, terminate the XML stream, and terminate the underlying TCP
2575 connection.
2577 R:
2579 R:
2581 Causes for the failure case include but are not limited to:
2583 1. The initiating entity has sent a malformed STARTTLS command.
2585 2. The receiving entity does not offer STARTTLS negotiation either
2586 temporarily or permanently.
2587 3. The receiving entity cannot complete STARTTLS negotiation because
2588 of an internal error.
2590 Note: STARTTLS failure is not triggered by TLS errors such as bad
2591 certificate or unknown certificate authority; those errors are
2592 generated and handled during the TLS negotiation itself as
2593 described in [TLS].
2595 If the failure case occurs, the initiating entity MAY attempt to
2596 reconnect as explained under Section 4.5.
2598 6.3.2.3. Proceed Case
2600 If the proceed case occurs, the receiving entity MUST return a
2601 element qualified by the 'urn:ietf:params:xml:ns:xmpp-tls'
2602 namespace.
2604 R:
2606 The receiving entity MUST consider the TLS negotiation to have begun
2607 immediately after sending the closing '>' character of the
2608 element to the initiating entity. The initiating entity MUST
2609 consider the TLS negotiation to have begun immediately after
2610 receiving the closing '>' character of the element from
2611 the receiving entity.
2613 The entities now proceed to TLS negotiation as explained in the next
2614 section.
2616 6.3.3. TLS Negotiation
2618 6.3.3.1. Rules
2620 In order to complete TLS negotiation over the TCP connection, the
2621 entities MUST follow the process defined in [TLS].
2623 The following rules apply:
2625 1. The entities MUST NOT send any further XML data until the TLS
2626 negotiation has either failed or succeeded.
2627 2. The receiving entity MUST present a certificate.
2628 3. The receiving entity SHOULD send a certificate request to the
2629 initiating entity so that mutual authentication will be possible.
2630 4. The initiating entity MUST validate the certificate to determine
2631 if the TLS negotiation shall succeed; see Section 15.2.2
2632 regarding certificate validation procedures.
2634 5. The receiving entity SHOULD choose which certificate to present
2635 based on the 'to' attribute of the initial stream header.
2637 Note: See Section 15.7 regarding ciphers that MUST be supported
2638 for TLS; naturally, other ciphers MAY be supported as well.
2640 6.3.3.2. TLS Failure
2642 If the TLS negotiation results in failure, the receiving entity MUST
2643 terminate the TCP connection.
2645 The receiving entity MUST NOT send a closing tag before
2646 terminating the TCP connection, since the receiving entity and
2647 initiating entity MUST consider the original stream to be replaced
2648 upon failure of the TLS negotiation.
2650 6.3.3.3. TLS Success
2652 If the TLS negotiation is successful, then the entities MUST proceed
2653 as follows.
2655 1. The receiving entity MUST discard any knowledge obtained in an
2656 insecure manner from the initiating entity before TLS took
2657 effect.
2658 2. The initiating entity MUST discard any knowledge obtained in an
2659 insecure manner from the receiving entity before TLS took effect.
2660 3. The initiating entity MUST send a new initial stream header to
2661 the receiving entity over the encrypted connection.
2663 I:
2671 Note: The initiating entity MUST NOT send a closing tag
2672 before sending the new initial stream header, since the receiving
2673 entity and initiating entity MUST consider the original stream to
2674 be replaced upon success of the TLS negotiation.
2675 4. The receiving entity MUST respond with a new response stream
2676 header over the encrypted connection.
2678 R:
2693
2694 EXTERNAL
2695 PLAIN
2696
2697
2698
2700 7. SASL Negotiation
2702 7.1. Overview
2704 XMPP includes a method for authenticating a stream by means of an
2705 XMPP-specific profile of the Simple Authentication and Security Layer
2706 protocol (see [SASL]). SASL provides a generalized method for adding
2707 authentication support to connection-based protocols, and XMPP uses
2708 an XML namespace profile of SASL that conforms to the profiling
2709 requirements of [SASL].
2711 Support for SASL negotiation is REQUIRED in XMPP client and server
2712 implementations.
2714 7.2. Rules
2716 7.2.1. Mechanism Preferences
2718 Any entity that will act as a SASL client or a SASL server MUST
2719 maintain an ordered list of its preferred SASL mechanisms according
2720 to the client or server, where the list is ordered by the perceived
2721 strength of the mechanisms. A server MUST offer and a client MUST
2722 try SASL mechanisms in the order of their perceived strength. For
2723 example, if the server offers the ordered list "PLAIN DIGEST-MD5
2724 GSSAPI" or "DIGEST-MD5 GSSAPI PLAIN" but the client's ordered list is
2725 "GSSAPI DIGEST-MD5", the client shall try GSSAPI first and then
2726 DIGEST-MD5 but shall never try PLAIN (since PLAIN is not on its
2727 list).
2729 7.2.2. Mechanism Offers
2731 If the receiving entity considers TLS negotiation (Section 6) to be
2732 mandatory before use of a particular SASL authentication mechanism
2733 will be acceptable, the receiving entity MUST NOT advertise that
2734 mechanism in its list of available SASL authentication mechanisms
2735 prior to successful TLS negotiation.
2737 If during prior TLS negotiation the initiating entity presented a
2738 certificate that is acceptable to the receiving entity for purposes
2739 of strong identity verification in accordance with local service
2740 policies, the receiving entity MUST offer the SASL EXTERNAL mechanism
2741 to the initiating entity during SASL negotiation (refer to [SASL])
2742 and SHOULD prefer that mechanism. However, the EXTERNAL mechanism
2743 MAY be offered under other circumstances as well.
2745 See Section 15.7 regarding mechanisms that MUST be supported;
2746 naturally, other SASL mechanisms MAY be supported as well. Best
2747 practices for the use of several SASL mechanisms in the context of
2748 XMPP are described in [XEP-0175] and [XEP-0178].
2750 7.2.3. Data Formatting
2752 The following data formattting rules apply to the SASL negotiation:
2754 1. During SASL negotiation, the entities MUST NOT send any
2755 whitespace within the root stream element as separators between
2756 XML elements (i.e., from the last character of the
2757 element qualified by the 'urn:ietf:params:xml:ns:xmpp-sasl'
2758 namespace at depth=1 of the stream as sent by the initiating
2759 entity until the last character of the element
2760 qualified by the 'urn:ietf:params:xml:ns:xmpp-sasl' namespace at
2761 depth=1 of the stream as sent by the receiving entity). This
2762 prohibition helps to ensure proper security layer byte precision.
2763 Any such whitespace shown in the SASL examples provided in this
2764 document is included only for the sake of readability.
2765 2. Any XML character data contained within the XML elements MUST be
2766 encoded using base64, where the encoding adheres to the
2767 definition in Section 4 of [BASE64] and where the padding bits
2768 are set to zero.
2769 3. As formally specified in the XML schema for the
2770 'urn:ietf:params:xml:ns:xmpp-sasl' namespace under Appendix C.4,
2771 the receiving entity MAY include one or more application-specific
2772 child elements inside the element to provide
2773 information that might be needed by the initiating entity in
2774 order to complete successful SASL negotiation using one or more
2775 of the offered mechanisms; however, the syntax and semantics of
2776 all such elements are out of scope for this specification.
2778 7.2.4. Security Layers
2780 Upon successful SASL negotiation that involves negotiation of a
2781 security layer, both the initiating entity and the receiving MUST
2782 discard any application-layer state (i.e, state from the XMPP layer,
2783 excluding state from the TLS negotiation or SASL negotiation).
2785 7.2.5. Simple Usernames
2787 It is possible that provision of a "simple username" is supported by
2788 the selected SASL mechanism (e.g., this is supported by the DIGEST-
2789 MD5 and CRAM-MD5 mechanisms but not by the EXTERNAL and GSSAPI
2790 mechanisms). The simple username provided during authentication MUST
2791 be as follows:
2793 Client-to-server communication: The initiating entity's registered
2794 account name, i.e., a user name or node name as described under
2795 Section 3.3 (this is not a bare JID of the form but
2796 only the node portion of the JID). The simple username MUST
2797 adhere to the Nodeprep (Appendix A) profile of [STRINGPREP].
2798 Server-to-server communication: The initiating entity's sending
2799 domain, i.e., IP address or fully qualified domain name as
2800 contained in an XMPP domain identifier. The simple username MUST
2801 adhere to the [NAMEPREP] profile of [STRINGPREP].
2803 7.2.6. Authorization Identities
2805 If the initiating entity wishes to act on behalf of another entity
2806 and the selected SASL mechanism supports transmission of an
2807 authorization identity, the initiating entity MUST provide an
2808 authorization identity during SASL negotiation. If the initiating
2809 entity does not wish to act on behalf of another entity, it MUST NOT
2810 provide an authorization identity. As specified in [SASL], the
2811 initiating entity MUST NOT provide an authorization identity unless
2812 the authorization identity is different from the default
2813 authorization identity derived from the authentication identity. If
2814 provided, the value of the authorization identity MUST be a bare JID
2815 of the form (i.e., an XMPP domain identifier only) for
2816 servers and a bare JID of the form (i.e., node
2817 identifier and domain identifier) for clients.
2819 Note: The authorization identity communited during SASL
2820 negotiation is used to determine the canonical address for the
2821 initiating client or server according to the receiving server, as
2822 described under Section 3.5.
2824 7.2.7. Round Trips
2826 [SASL] specifies that a using protocol such as XMPP can define two
2827 methods by which the protocol can save round trips where allowed for
2828 the SASL mechanism:
2830 1. When the SASL client (the XMPP "initiating entity") requests an
2831 authentication exchange, it can include "initial response" data
2832 with its request if appropriate for the SASL mechanism in use.
2833 In XMPP this is done by including the initial response as the XML
2834 character data of the element.
2835 2. At the end of the authentication exchange, the SASL server (the
2836 XMPP "receiving entity") can include "additional data with
2837 success" if appropriate for the SASL mechanism in use. In XMPP
2838 this is done by including the additional data as the XML
2839 character data of the element.
2841 For the sake of protocol efficiency, it is RECOMMENDED for XMPP
2842 clients and servers to use these methods, however they MUST support
2843 the less efficient modes as well.
2845 7.3. Process
2847 The process for SASL negotiation is as follows.
2849 7.3.1. Exchange of Stream Headers and Stream Features
2851 If SASL negotiation follows successful STARTTLS negotation
2852 (Section 6), then the SASL negotiation occurs over the encrypted
2853 stream that has already been negotiated. If not, the initiating
2854 entity resolves the hostname of the receiving entity as specified
2855 under Section 4, opens a TCP connection to the advertised port at the
2856 resolved IP address, and sends an initial stream header to the
2857 receiving entity; if the initiating entity is capable of STARTTLS
2858 negotiation, it MUST include the 'version' attribute set to a value
2859 of at least "1.0" in the initial stream header.
2861 I:
2869 The receiving entity MUST send a response stream header to the
2870 initiating entity; if the receiving entity is capable of SASL
2871 negotiation, it MUST include the 'version' attribute set to a value
2872 of at least "1.0" in the response stream header.
2874 R: element qualified by the
2887 'urn:ietf:params:xml:ns:xmpp-sasl' namespace.
2889 The element MUST contain one child element
2890 for each authentication mechanism the receiving entity offers to the
2891 initiating entity. The order of elements in the XML
2892 indicates the preference order of the SASL mechanisms according to
2893 the receiving entity; however the initiating entity MUST maintain its
2894 own preference order independent of the preference order of the
2895 receiving entity.
2897 R:
2898
2899 EXTERNAL
2900 PLAIN
2901
2902
2903
2905 If the receiving entity considers SASL negotiation to be
2906 discretionary, the element MUST contain an empty
2907 child element.
2909 R:
2910
2911 EXTERNAL
2912 PLAIN
2913
2914
2916
2918 If the receiving entity considers SASL negotiation to be mandatory,
2919 the element MUST contain an empty child
2920 element.
2922 R:
2923
2924 EXTERNAL
2925 PLAIN
2926
2927
2928
2930 7.3.2. Initiation
2932 In order to begin the SASL negotiation, the initiating entity sends
2933 an element qualified by the
2934 'urn:ietf:params:xml:ns:xmpp-sasl' namespace and includes an
2935 appropriate value for the 'mechanism' attribute. This element MAY
2936 contain XML character data (in SASL terminology, the "initial
2937 response") if the mechanism supports or requires it; if the
2938 initiating entity needs to send a zero-length initial response, it
2939 MUST transmit the response as a single equals sign character ("="),
2940 which indicates that the response is present but contains no data.
2942 I: UjBtMzBSMGNrcw==
2945 7.3.3. Challenge-Response Sequence
2947 If necessary, the receiving entity challenges the initiating entity
2948 by sending a element qualified by the
2949 'urn:ietf:params:xml:ns:xmpp-sasl' namespace; this element MAY
2950 contain XML character data (which MUST be generated in accordance
2951 with the definition of the SASL mechanism chosen by the initiating
2952 entity).
2954 The initiating entity responds to the challenge by sending a
2955 element qualified by the
2956 'urn:ietf:params:xml:ns:xmpp-sasl' namespace; this element MAY
2957 contain XML character data (which MUST be generated in accordance
2958 with the definition of the SASL mechanism chosen by the initiating
2959 entity).
2961 If necessary, the receiving entity sends more challenges and the
2962 initiating entity sends more responses.
2964 This series of challenge/response pairs continues until one of three
2965 things happens:
2967 o The initiating entity aborts the handshake.
2968 o The receiving entity reports failure of the handshake.
2969 o The receiving entity reports success of the handshake.
2971 These scenarios are described in the following sections.
2973 7.3.4. Abort
2975 The initiating entity aborts the handshake by sending an
2976 element qualified by the 'urn:ietf:params:xml:ns:xmpp-sasl'
2977 namespace.
2979 I:
2981 Upon receiving an element, the receiving entity MUST return
2982 a element qualified by the
2983 'urn:ietf:params:xml:ns:xmpp-sasl' namespace and containing an
2984 child element.
2986 R:
2987
2988
2990 7.3.5. Failure
2992 The receiving entity reports failure of the handshake by sending a
2993 element qualified by the
2994 'urn:ietf:params:xml:ns:xmpp-sasl' namespace (the particular cause of
2995 failure MUST be communicated in an appropriate child element of the
2996 element as defined under Section 7.4).
2998 R:
2999
3000
3002 Where appropriate for the chosen SASL mechanism, the receiving entity
3003 SHOULD allow a configurable but reasonable number of retries (at
3004 least 2 and no more than 5); this enables the initiating entity
3005 (e.g., an end-user client) to tolerate incorrectly-provided
3006 credentials (e.g., a mistyped password) without being forced to
3007 reconnect.
3009 If the initiating entity attempts a reasonable number of retries with
3010 the same SASL mechanism and all attempts fail, it MAY fall back to
3011 the next mechanism in its ordered list by sending a new
3012 request to the receiving entity. If there are no remaining
3013 mechanisms in its list, the initiating entity SHOULD instead send an
3014 element to the receiving entity.
3016 If the initiating entity exceeds the number of retries, the receiving
3017 entity MUST return a stream error (which SHOULD be but MAY be ).
3020 7.3.6. Success
3022 The receiving entity reports success of the handshake by sending a
3023 element qualified by the
3024 'urn:ietf:params:xml:ns:xmpp-sasl' namespace; this element MAY
3025 contain XML character data (in SASL terminology, "additional data
3026 with success") if the chosen SASL mechanism supports or requires it;
3027 if the receiving entity needs to send additional data of zero length,
3028 it MUST transmit the data as a single equals sign character ("=").
3030 R:
3032 Note: The authorization identity communited during SASL
3033 negotiation is used to determine the canonical address for the
3034 initiating client or server according to the receiving server, as
3035 described under Section 3.5.
3037 Upon receiving the element, the initiating entity MUST
3038 initiate a new stream over the existing TCP connection by sending a
3039 new initial stream header to the receiving entity.
3041 I: tag
3050 before sending the new initial stream header, since the receiving
3051 entity and initiating entity MUST consider the original stream to
3052 be replaced upon sending or receiving the element.
3054 Upon receiving the new initial stream header from the initiating
3055 entity, the receiving entity MUST respond by sending a new response
3056 XML stream header to the initiating entity.
3058 R:
3067 The receiving entity MUST also send stream features, containing any
3068 further available features or containing no features (via an empty
3069 element).
3071 R:
3072
3073
3074
3075
3077 7.4. SASL Errors
3079 The syntax of SASL errors is as follows:
3081
3082
3083 [
3084 OPTIONAL descriptive text
3085 ]
3086
3088 Where "defined-condition" is one of the SASL-related error conditions
3089 defined in the following sections.
3091 Inclusion of a defined condition is REQUIRED.
3093 Inclusion of the element is OPTIONAL, and can be used to
3094 provide application-specific information about the error condition,
3095 which information MAY be displayed to a human but only as a
3096 supplement to the defined condition.
3098 7.4.1. aborted
3100 The receiving entity acknowledges an element sent by the
3101 initiating entity; sent in reply to the element.
3103 I:
3105 R:
3106
3107
3109 7.4.2. account-disabled
3111 The account of the initiating entity has been temporarily disabled;
3112 sent in reply to an element (with or without initial response
3113 data) or a element.
3115 I: UjBtMzBSMGNrcw==
3118 R:
3119
3120 Call 212-555-1212 for assistance.
3121
3123 7.4.3. credentials-expired
3125 The authentication failed because the initiating entity provided
3126 credentials that have expired; sent in reply to a element
3127 or an element with initial response data.
3129 I:
3130 [ ... ]
3131
3133 R:
3134
3135
3137 7.4.4. encryption-required
3139 The mechanism requested by the initiating entity cannot be used
3140 unless the underlying stream is encrypted; sent in reply to an
3141 element (with or without initial response data).
3143 I: UjBtMzBSMGNrcw==
3146 R:
3147
3148
3150 7.4.5. incorrect-encoding
3152 The data provided by the initiating entity could not be processed
3153 because the [BASE64] encoding is incorrect (e.g., because the
3154 encoding does not adhere to the definition in Section 4 of [BASE64]);
3155 sent in reply to a element or an element with
3156 initial response data.
3158 I: [ ... ]
3161 R:
3162
3163
3165 7.4.6. invalid-authzid
3167 The authzid provided by the initiating entity is invalid, either
3168 because it is incorrectly formatted or because the initiating entity
3169 does not have permissions to authorize that ID; sent in reply to a
3170 element or an element with initial response data.
3172 I:
3173 [ ... ]
3174
3176 R:
3177
3178
3180 7.4.7. invalid-mechanism
3182 The initiating entity did not provide a mechanism or requested a
3183 mechanism that is not supported by the receiving entity; sent in
3184 reply to an element.
3186 I:
3189 R:
3190
3191
3193 7.4.8. malformed-request
3195 The request is malformed (e.g., the element includes initial
3196 response data but the mechanism does not allow that, or the data sent
3197 violates the syntax for the specified SASL mechanism); sent in reply
3198 to an , , , or element.
3200 (In the following example, the XML character data of the
3201 element contains more than 255 UTF-8-encoded Unicode characters and
3202 therefore violates the "token" production for the SASL ANONYMOUS
3203 mechanism as specified in [ANONYMOUS].)
3205 I: [ ... some-long-token ... ]
3208 R:
3209
3210
3212 7.4.9. mechanism-too-weak
3214 The mechanism requested by the initiating entity is weaker than
3215 server policy permits for that initiating entity; sent in reply to an
3216 element (with or without initial response data).
3218 I: UjBtMzBSMGNrcw==
3221 R:
3222
3223
3225 7.4.10. not-authorized
3227 The authentication failed because the initiating entity did not
3228 provide proper credentials; sent in reply to a element or
3229 an element with initial response data.
3231 I:
3232 [ ... ]
3233
3235 R:
3236
3237
3239 Note: This error condition includes but is not limited to the case
3240 of incorrect credentials or an unknown username. In order to
3241 discourage directory harvest attacks, no differentiation is made
3242 between incorrect credentials and an unknown username.
3244 7.4.11. temporary-auth-failure
3246 The authentication failed because of a temporary error condition
3247 within the receiving entity, and it is advisable for the initiating
3248 entity to try again later; sent in reply to an element or a
3249 element.
3251 I:
3252 [ ... ]
3253
3255 R:
3256
3257
3259 7.4.12. transition-needed
3261 The authentication failed because the mechanism cannot be used until
3262 the initiating entity provides (for one time only) a plaintext
3263 password so that the receiving entity can build a hashed password for
3264 use in future authentication attempts; sent in reply to an
3265 element with or without initial response data.
3267 I: [ ... ]
3270 R:
3271
3272
3274 Note: An XMPP client MUST treat a error with
3275 extreme caution, SHOULD NOT provide a plaintext password over an
3276 XML stream that is not encrypted via Transport Layer Security, and
3277 MUST warn a human user before allowing the user to provide a
3278 plaintext password over an unencrypted connection.
3280 7.5. SASL Definition
3282 The profiling requirements of [SASL] require that the following
3283 information be supplied by the definition of a using protocol.
3285 service name: "xmpp"
3286 initiation sequence: After the initiating entity provides an opening
3287 XML stream header and the receiving entity replies in kind, the
3288 receiving entity provides a list of acceptable authentication
3289 methods. The initiating entity chooses one method from the list
3290 and sends it to the receiving entity as the value of the
3291 'mechanism' attribute possessed by an element, optionally
3292 including an initial response to avoid a round trip.
3293 exchange sequence: Challenges and responses are carried through the
3294 exchange of elements from receiving entity to
3295 initiating entity and elements from initiating entity
3296 to receiving entity. The receiving entity reports failure by
3297 sending a element and success by sending a
3298 element; the initiating entity aborts the exchange by sending an
3299 element. Upon successful negotiation, both sides
3300 consider the original XML stream to be closed and new stream
3301 headers are sent by both entities.
3302 security layer negotiation: The security layer takes effect
3303 immediately after sending the closing '>' character of the
3304 element for the receiving entity, and immediately after
3305 receiving the closing '>' character of the element for
3306 the initiating entity. The order of layers is first [TCP], then
3307 [TLS], then [SASL], then XMPP.
3308 use of the authorization identity: The authorization identity can be
3309 used in XMPP to denote the non-default of a client
3310 or the sending of a server; an empty string is equivalent
3311 to an absent authorization identity.
3313 8. Resource Binding
3315 8.1. Overview
3317 After a client authenticates with a server, it MUST bind a specific
3318 resource to the stream so that the server can properly address the
3319 client (see Section 3). That is, there MUST be an XMPP resource
3320 identifier associated with the bare JID () of the
3321 client, so that the address for use over that stream is a full JID of
3322 the form . This ensures that the server can
3323 deliver XML stanzas to and receive XML stanzas from the client (see
3324 Section 11).
3326 After a client has bound a resource to the stream, it is referred to
3327 as a CONNECTED RESOURCE. A server SHOULD allow an entity to maintain
3328 multiple connected resources simultaneously, where each connected
3329 resource is differentiated by a distinct resource identifier;
3330 however, a server MUST enable the administrator of an XMPP service to
3331 limit the number of connected resources in order to prevent certain
3332 denial of service attacks as described under Section 15.12.
3334 If, before completing the resource binding step, the client attempts
3335 to send an outbound XML stanza (i.e., a stanza not directed to the
3336 server itself or to the client's own account), the server MUST NOT
3337 process the stanza and MUST either ignore the stanza or return a
3338 stream error to the client.
3340 Support for resource binding is REQUIRED in XMPP client and server
3341 implementations.
3343 8.2. Advertising Support
3345 Upon sending a new response stream header to the client after
3346 successful SASL negotiation, the server MUST include a
3347 element qualified by the 'urn:ietf:params:xml:ns:xmpp-bind' namespace
3348 in the stream features it presents to the client; this
3349 element MUST include an empty element to explicitly
3350 indicate that it is mandatory for the client to complete resource
3351 binding at this stage of the stream negotiation process.
3353 Note: The server MUST NOT include the resource binding stream
3354 feature until after successful SASL negotiation.
3356 S:
3365 S:
3366
3367
3368
3369
3371 Upon being so informed that resource binding is required, the client
3372 MUST bind a resource to the stream as described in the following
3373 sections.
3375 8.3. Generation of Resource Identifiers
3377 A resource identifier MUST at a minimum be unique among the connected
3378 resources for that . Enforcement of this policy is the
3379 responsibility of the server.
3381 A resource identifier can be security-critical. For example, if a
3382 malicious entity can guess a client's resource identifier then it
3383 might be able to determine if the client (and therefore the
3384 controlling principal) is online or offline, thus resulting in a
3385 presence leak as described under Section 15.13. To prevent that
3386 possibility, a client can either (1) generate a random resource
3387 identifier on its own or (2) ask the server to generate a resource
3388 identifier on its behalf, which MUST be random (see [RANDOM]). When
3389 generating a random resource identifier, it is RECOMMENDED that the
3390 resource identifier be a Universally Unique Identifier (UUID), for
3391 which the format specified in [UUID] is RECOMMENDED.
3393 8.4. Server-Generated Resource Identifier
3395 A server that supports resource binding MUST be able to generate an
3396 XMPP resource identifier on behalf of a client.
3398 8.4.1. Success Case
3400 A client requests a server-generated resource identifier by sending
3401 an IQ stanza of type "set" (see Section 9.2.3) containing an empty
3402 element qualified by the 'urn:ietf:params:xml:ns:xmpp-bind'
3403 namespace.
3405 C:
3406
3407
3409 Once the server has generated an XMPP resource identifier for the
3410 client, it MUST return an IQ stanza of type "result" to the client,
3411 which MUST include a child element that specifies the full JID
3412 for the connected resource as determined by the server.
3414 S:
3415
3416
3417 juliet@im.example.com/4db06f06-1ea4-11dc-aca3-000bcd821bfb
3418
3419
3420
3422 8.4.2. Error Cases
3424 When a client asks the server to generate a resource identifer during
3425 resource binding, the following stanza error conditions are possible:
3427 o The account has reached a limit on the number of simultaneous
3428 connected resources allowed.
3429 o The client is otherwise not allowed to bind a resource to the
3430 stream.
3432 8.4.2.1. Resource Constraint
3434 If the account has reached a limit on the number of simultaneous
3435 connected resources allowed, the server MUST return a error.
3438 S:
3439
3440
3442
3443
3445 8.4.2.2. Not Allowed
3447 If the client is otherwise not allowed to bind a resource to the
3448 stream, the server MUST return a error.
3450 S:
3451
3452
3454
3455
3457 8.5. Client-Submitted Resource Identifier
3459 Instead of asking the server to generate a resource identifier on its
3460 behalf, a client MAY attempt to submit a resource identifier that it
3461 has generated or that the controlling user has provided.
3463 8.5.1. Success Case
3465 A client asks its server to accept a client-submitted resource
3466 identifier by sending an IQ stanza of type "set" containing a
3467 element with a child element containing non-zero-length
3468 XML character data.
3470 C:
3471
3472 balcony
3473
3474
3476 The server SHOULD accept the client-submitted resource identifier.
3477 It does so by returning an IQ stanza of type "result" to the client,
3478 including a child element that specifies the full JID for the
3479 connected resource and contains without modification the client-
3480 submitted text.
3482 S:
3483
3484 juliet@im.example.com/balcony
3485
3486
3488 8.5.2. Error Cases
3490 When a client attempts to submit its own XMPP resource identifier
3491 during resource binding, the following stanza error conditions are
3492 possible in addition to those described under Section 8.4.2:
3494 o The provided resource identifier cannot be processed by the
3495 server, e.g. because it is not in accordance with the Resourceprep
3496 (Appendix B) profile of [STRINGPREP]).
3497 o The provided resource identifier is already in use.
3499 8.5.2.1. Bad Request
3501 If the provided resource identifier cannot be processed by the
3502 server, the server MAY return a error (but SHOULD
3503 instead apply the Resourceprep (Appendix B) profile of [STRINGPREP]
3504 or otherwise process the resource identifier so that it is in
3505 conformance).
3507 S:
3508
3509
3510
3511
3513 8.5.2.2. Conflict
3515 If there is already a connected resource of the same name, the server
3516 MUST do one of the following:
3518 1. Not accept the resource identifier provided by the client but
3519 instead override it with an XMPP resource identifier that the
3520 server generates.
3521 2. Terminate the current resource and allow the newly-requested
3522 resource.
3523 3. Disallow the newly-requested resource and maintain the current
3524 resource.
3526 Which of these the server does is up to the implementation, although
3527 it is RECOMMENDED to implement case #1.
3529 S:
3530
3531
3532 juliet@im.example.com/balcony 4db06f06-1ea4-11dc-aca3-000bcd821bfb
3533
3534
3535
3537 In case #2, the server MUST send a stream error to the
3538 current resource and return an IQ stanza of type "result" (indicating
3539 success) to the newly-requested resource.
3541 S:
3543 In case #3, the server MUST send a stanza error to the
3544 newly-requested resource but maintain the XML stream for that
3545 connection so that the newly-requested resource has an opportunity to
3546 negotiate a non-conflicting resource identifier before sending
3547 another request for resource binding.
3549 S:
3550
3551
3552
3553
3555 8.5.3. Retries
3557 If an error occurs when a client submits a resource identifier, the
3558 server SHOULD allow a configurable but reasonable number of retries
3559 (at least 2 and no more than 5); this enables the client to tolerate
3560 incorrectly-provided resource identifiers (e.g., bad data formats or
3561 duplicate text strings) without being forced to reconnect.
3563 After the client has reached the retry limit, the server MUST return
3564 a stream error to the client.
3566 8.6. Binding Multiple Resources
3568 A server MAY support binding of multiple resources to the same
3569 stream. This functionality is desirable in certain environments
3570 (e.g., for devices that are unable to open more than one TCP
3571 connection or when a machine runs a local XMPP client daemon that is
3572 used by multiple applications).
3574 8.6.1. Support
3576 If a server supports binding of multiple resources to a stream, it
3577 MUST enable a client to unbind resources. A server that supports
3578 unbinding MUST also support binding of multiple resources. Thus a
3579 client can discover whether a server supports binding of multiple
3580 resources by determining if the server advertises a stream feature of
3581 , as follows.
3583 S:
3584
3585
3586
3587
3588
3589
3590
3592 If a server supports binding of mulitple resources, it MUST also send
3593 the unbind feature advertisement after resource binding has been
3594 completed.
3596 8.6.2. Binding an Additional Resource
3598 A connected client binds an additional resource by following the
3599 protocol for binding of the original resource, i.e., by sending an IQ
3600 stanza of type "set" containing a element qualified by the
3601 'urn:ietf:params:xml:ns:xmpp-bind' namespace (either empty to request
3602 server generation of the resource identifier or containing a
3603 element with XML character data to request a client-
3604 submitted resource identifier).
3606 8.6.3. Unbinding a Resource
3608 8.6.3.1. Success Case
3610 A client unbinds a resource by sending an IQ stanza of type "set"
3611 containing an element qualified by the
3612 'urn:ietf:params:xml:ns:xmpp-bind' namespace, which in turn contains
3613 a child element of whose XML character data specifies the
3614 resource to be unbound:
3616 C:
3617
3618 someresource
3619
3620
3622 If no error occurs, the server MUST unbind the resource and no longer
3623 accept stanzas whose 'from' address specifies the full JID associated
3624 with that resource.
3626 S:
3628 When a client unbinds the only resource associated with the stream,
3629 the server SHOULD close the stream and terminate the TCP connection.
3631 S:
3633 S:
3635 8.6.3.2. Error Cases
3637 8.6.3.2.1. Unbind Not Supported
3639 If the server understands the 'urn:ietf:params:xml:ns:xmpp-bind'
3640 namespace but does not understand the element, it MUST
3641 return a stanza error, which MUST be .
3643 S:
3644
3645
3647
3648
3650 8.6.3.2.2. No Such Resource
3652 If there is no such resource for that stream, the server MUST return
3653 an error of .
3655 S:
3656
3657
3658
3659
3661 8.6.4. From Addresses
3663 When a client binds multiple resources to the same stream, proper
3664 management of 'from' addresses is imperative. In particular, a
3665 client MUST specify a 'from' address on every stanza it sends over a
3666 stream to which it has bound multiple resources, where the 'from'
3667 address is the full JID () associated with
3668 the relevant resource. If a client does not specify a 'from' address
3669 on a stanza it sends over a stream to which it has bound multiple
3670 resources, the server MUST return the stanza to the client with an
3671 stanza error.
3673 C:
3674 Wherefore art thou?
3675
3677 S:
3679 Wherefore art thou?
3680
3681
3682
3683
3685 Naturally, the rules regarding validation of asserted 'from'
3686 addresses still apply (see Section 11).
3688 9. XML Stanzas
3690 After a client has connected to a server or two servers have
3691 connected to each other, either party can send XML stanzas over the
3692 negotiated stream. Three kinds of XML stanza are defined for the
3693 'jabber:client' and 'jabber:server' namespaces: ,
3694 , and . In addition, there are five common
3695 attributes for these stanza types. These common attributes, as well
3696 as the basic semantics of the three stanza types, are defined herein;
3697 more detailed information regarding the syntax of XML stanzas for
3698 instant messaging and presence applications is provided in [XMPP-IM],
3699 and for other applications in the relevant XMPP extension
3700 specifications.
3702 A server MUST NOT process a partial stanza and MUST NOT attach
3703 meaning to the transmission timing of any part of a stanza (before
3704 receipt of the close tag).
3706 Support for the XML stanza syntax and semantics defined herein is
3707 REQUIRED in XMPP client and server implementations.
3709 9.1. Common Attributes
3711 The following five attributes are common to message, presence, and IQ
3712 stanzas.
3714 9.1.1. to
3716 The 'to' attribute specifies the JID of the intended recipient for
3717 the stanza.
3719
3720 Art thou not Romeo, and a Montague?
3721
3723 For information about server processing of inbound and outbound XML
3724 stanzas based on the nature of the 'to' address, refer to Section 11.
3726 9.1.1.1. Client-to-Server Streams
3728 The following rules apply to inclusion of the 'to' attribute in the
3729 context of XML streams qualified by the 'jabber:client' namespace
3730 (i.e., client-to-server streams).
3732 1. A stanza with a specific intended recipient MUST possess a 'to'
3733 attribute whose value is an XMPP address.
3734 2. A stanza sent from a client to a server for direct processing by
3735 the server on behalf of the client (e.g., presence sent to the
3736 server for broadcasting to other entities) MUST NOT possess a
3737 'to' attribute.
3739 9.1.1.2. Server-to-Server Streams
3741 The following rules apply to inclusion of the 'to' attribute in the
3742 context of XML streams qualified by the 'jabber:server' namespace
3743 (i.e., server-to-server streams).
3745 1. A stanza MUST possess a 'to' attribute whose value is an XMPP
3746 address; if a server receives a stanza that does not meet this
3747 restriction, it MUST generate an stream
3748 error.
3749 2. The domain identifier portion of the JID in the 'to' atttribute
3750 MUST match a hostname serviced by the receiving server; if a
3751 server receives a stanza that does not meet this restriction, it
3752 MUST generate a or stream error.
3754 9.1.2. from
3756 The 'from' attribute specifies the JID of the sender.
3758
3760 Art thou not Romeo, and a Montague?
3761
3763 9.1.2.1. Client-to-Server Streams
3765 The following rules apply to the 'from' attribute in the context of
3766 XML streams qualified by the 'jabber:client' namespace (i.e., client-
3767 to-server streams).
3769 1. When the server receives an XML stanza from a client and the
3770 stanza does not include a 'from' attribute, the server MUST add a
3771 'from' attribute to the stanza, where the value of the 'from'
3772 attribute is the full JID () determined by
3773 the server for the connected resource that generated the stanza
3774 (see Section 3.5), or the bare JID () in the case of
3775 subscription-related presence stanzas (see [XMPP-IM]); the only
3776 exception to this rule occurs when multiple resources are bound
3777 to the same stream as described under Section 8.6.
3778 2. When the server receives an XML stanza from a client and the
3779 stanza includes a 'from' attribute, the server MUST either (a)
3780 validate that the value of the 'from' attribute provided by the
3781 client is that of a connected resource for the associated entity
3782 or (b) override the provided 'from' attribute by adding a 'from'
3783 attribute as specified under Rule #1.
3784 3. When the server generates a stanza from the server for delivery
3785 to the client on behalf of the account of the connected client
3786 (e.g., in the context of data storage services provided by the
3787 server on behalf of the client), the stanza MUST either (a) not
3788 include a 'from' attribute or (b) include a 'from' attribute
3789 whose value is the account's bare JID ().
3790 4. When the server generates a stanza from the server itself for
3791 delivery to the client, the stanza MUST include a 'from'
3792 attribute whose value is the bare JID (i.e., ) of the
3793 server.
3794 5. A server MUST NOT send to the client a stanza without a 'from'
3795 attribute if the stanza was not generated by the server (e.g., if
3796 it was generated by another client or another server); therefore,
3797 when a client receives a stanza that does not include a 'from'
3798 attribute, it MUST assume that the stanza is from the server to
3799 which the client is connected.
3801 9.1.2.2. Server-to-Server Streams
3803 The following rules apply to the 'from' attribute in the context of
3804 XML streams qualified by the 'jabber:server' namespace (i.e., server-
3805 to-server streams).
3807 1. A stanza MUST possess a 'from' attribute whose value is an XMPP
3808 address; if a server receives a stanza that does not meet this
3809 restriction, it MUST generate an stream
3810 error.
3812 2. The domain identifier portion of the JID contained in the 'from'
3813 attribute MUST match the hostname of the sending server (or any
3814 validated domain thereof) as communicated in the SASL negotiation
3815 (see Section 7), server dialback (see [XEP-0220], or similar
3816 means; if a server receives a stanza that does not meet this
3817 restriction, it MUST generate an stream error.
3819 Enforcement of these rules helps to prevent certain denial of service
3820 attacks as described under Section 15.12.
3822 9.1.3. id
3824 The 'id' attribute MAY be used by a sending entity for internal
3825 tracking of stanzas that it sends and receives (especially for
3826 tracking the request-response interaction inherent in the semantics
3827 of IQ stanzas). The value of the 'id' attribute MAY be unique
3828 globally, within a domain, or within a stream. The semantics of IQ
3829 stanzas impose additional restrictions; see Section 9.2.3.
3831 9.1.4. type
3833 The 'type' attribute specifies the purpose or context of the message,
3834 presence, or IQ stanza. The particular allowable values for the
3835 'type' attribute vary depending on whether the stanza is a message,
3836 presence, or IQ stanza. The defined values for message and presence
3837 stanzas are specific to instant messaging and presence applications
3838 and therefore are specified in [XMPP-IM], whereas the values for IQ
3839 stanzas specify the role of an IQ stanza in a structured request-
3840 response exchange and therefore are specified under Section 9.2.3.
3841 The only 'type' value common to all three stanzas is "error"; see
3842 Section 9.3.
3844 9.1.5. xml:lang
3846 A stanza SHOULD possess an 'xml:lang' attribute (as defined in
3847 Section 2.12 of [XML]) if the stanza contains XML character data that
3848 is intended to be presented to a human user (as explained in
3849 [CHARSET], "internationalization is for humans"). The value of the
3850 'xml:lang' attribute specifies the default language of any such
3851 human-readable XML character data.
3853
3854 dnd
3855 Wooing Juliet
3856
3858 The value of the 'xml:lang' attribute MAY be overridden by the 'xml:
3859 lang' attribute of a specific child element.
3861
3862 dnd
3863 Wooing Juliet
3864 Dvořím se Julii
3865
3873 dnd
3874 Wooing Juliet
3875
3877 S:
3880 dnd
3881 Wooing Juliet
3882
3884 If an inbound stanza received received by a client or server does not
3885 possess an 'xml:lang' attribute, an implementation MUST assume that
3886 the default language is that specified for the stream as defined
3887 under Section 5.3.4.
3889 The value of the 'xml:lang' attribute MUST conform to the NMTOKEN
3890 datatype (as defined in Section 2.3 of [XML]) and MUST conform to the
3891 format defined in [LANGTAGS].
3893 A server MUST NOT modify or delete 'xml:lang' attributes on stanzas
3894 it receives from other entities.
3896 9.2. Basic Semantics
3898 9.2.1. Message Semantics
3900 The stanza can be seen as a "push" mechanism whereby one
3901 entity pushes information to another entity, similar to the
3902 communications that occur in a system such as email. All message
3903 stanzas SHOULD possess a 'to' attribute that specifies the intended
3904 recipient of the message; upon receiving such a stanza, a server
3905 SHOULD route or deliver it to the intended recipient (see Section 11
3906 for general routing and delivery rules related to XML stanzas).
3908 9.2.2. Presence Semantics
3910 The stanza can be seen as a specialized broadcast or
3911 "publish-subscribe" mechanism, whereby multiple entities receive
3912 information (in this case, network availability information) about an
3913 entity to which they have subscribed. In general, a publishing
3914 entity (client) SHOULD send a presence stanza with no 'to' attribute,
3915 in which case the server to which the entity is connected SHOULD
3916 broadcast or multiplex that stanza to all subscribed entities.
3917 However, a publishing entity MAY also send a presence stanza with a
3918 'to' attribute, in which case the server SHOULD route or deliver that
3919 stanza to the intended recipient. See Section 11 for general routing
3920 and delivery rules related to XML stanzas, and [XMPP-IM] for rules
3921 specific to presence applications.
3923 9.2.3. IQ Semantics
3925 Info/Query, or IQ, is a request-response mechanism, similar in some
3926 ways to the Hypertext Transfer Protocol [HTTP]. The semantics of IQ
3927 enable an entity to make a request of, and receive a response from,
3928 another entity. The data content of the request and response is
3929 defined by the schema or other structural definition associated with
3930 the XML namespace that qualifies the direct child element of the IQ
3931 element (see Section 9.4), and the interaction is tracked by the
3932 requesting entity through use of the 'id' attribute. Thus, IQ
3933 interactions follow a common pattern of structured data exchange such
3934 as get/result or set/result (although an error can be returned in
3935 reply to a request if appropriate):
3937 Requesting Responding
3938 Entity Entity
3939 ---------- ----------
3940 | |
3941 | |
3942 | [ ... payload ... ] |
3943 | |
3944 | -------------------------> |
3945 | |
3946 | |
3947 | [ ... payload ... ] |
3948 | |
3949 | <------------------------- |
3950 | |
3951 | |
3952 | [ ... payload ... ] |
3953 | |
3954 | -------------------------> |
3955 | |
3956 | |
3957 | [ ... condition ... ] |
3958 | |
3959 | <------------------------- |
3960 | |
3962 To enforce these semantics, the following rules apply:
3964 1. The 'id' attribute is REQUIRED for IQ stanzas.
3965 2. The 'type' attribute is REQUIRED for IQ stanzas. The value MUST
3966 be one of the following (if the value is other than one of the
3967 following strings, the recipient or an intermediate router MUST
3968 return a stanza error of ):
3969 * get -- The stanza requests information, inquires about what
3970 data is needed in order to complete further operations, etc.
3971 * set -- The stanza provides data that is needed for an
3972 operation to be completed, sets new values, replaces existing
3973 values, etc.
3974 * result -- The stanza is a response to a successful get or set
3975 request.
3976 * error -- The stanza reports an error that has occurred
3977 regarding processing or delivery of a previously-sent get or
3978 set request (see Section 9.3).
3979 3. An entity that receives an IQ request of type "get" or "set" MUST
3980 reply with an IQ response of type "result" or "error". The
3981 response MUST preserve the 'id' attribute of the request.
3982 4. An entity that receives a stanza of type "result" or "error" MUST
3983 NOT respond to the stanza by sending a further IQ response of
3984 type "result" or "error"; however, the requesting entity MAY send
3985 another request (e.g., an IQ of type "set" to provide required
3986 information discovered through a get/result pair).
3987 5. An IQ stanza of type "get" or "set" MUST contain exactly one
3988 child element, which specifies the semantics of the particular
3989 request.
3990 6. An IQ stanza of type "result" MUST include zero or one child
3991 elements.
3992 7. An IQ stanza of type "error" MAY include the child element
3993 contained in the associated "get" or "set" and MUST include an
3994 child; for details, see Section 9.3.
3996 9.3. Stanza Errors
3998 Stanza-related errors are handled in a manner similar to stream
3999 errors (Section 5.8). Unlike stream errors, stanza errors are
4000 recoverable; therefore they do not result in termination of the XML
4001 stream and underlying TCP connection. Instead, the entity that
4002 discovers the error condition returns an ERROR STANZA to the sender,
4003 i.e., a stanza of the same kind (message, presence, or IQ) whose
4004 'type' attribute is set to a value of "error" and which contains an
4005 child element that specifies the error condition. The
4006 specified error condition provides a hint regarding actions that the
4007 sender can take to remedy the error if possible.
4009 9.3.1. Rules
4011 The following rules apply to stanza errors:
4013 1. The receiving or processing entity that detects an error
4014 condition in relation to a stanza SHOULD return an error stanza
4015 (and MUST do so for IQ stanzas).
4016 2. The entity that generates an error stanza MAY include the
4017 original XML sent so that the sender can inspect and, if
4018 necessary, correct the XML before attempting to resend.
4019 3. An error stanza MUST contain an child element.
4020 4. An child MUST NOT be included if the 'type' attribute
4021 has a value other than "error" (or if there is no 'type'
4022 attribute).
4023 5. An entity that receives an error stanza MUST NOT respond to the
4024 stanza with a further error stanza; this helps to prevent
4025 looping.
4027 9.3.2. Syntax
4029 The syntax for stanza-related errors is:
4031
4032 [OPTIONAL to include sender XML here]
4033
4034
4035 [
4037 OPTIONAL descriptive text
4038 ]
4039 [OPTIONAL application-specific condition element]
4040
4041
4043 The "stanza-kind" MUST be one of message, presence, or iq.
4045 The "error-type MUST be one of the following:
4047 o auth -- retry after providing credentials
4048 o cancel -- do not retry (the error cannot be remedied)
4049 o continue -- proceed (the condition was only a warning)
4050 o modify -- retry after changing the data sent
4051 o wait -- retry after waiting (the error is temporary)
4053 The element:
4055 o MUST contain a child element corresponding to one of the stanza
4056 error conditions defined under Section 9.3.3; this element MUST be
4057 qualified by the 'urn:ietf:params:xml:ns:xmpp-stanzas' namespace.
4058 o MAY contain a child element containing XML character data
4059 that describes the error in more detail; this element MUST be
4060 qualified by the 'urn:ietf:params:xml:ns:xmpp-stanzas' namespace
4061 and SHOULD possess an 'xml:lang' attribute specifying the natural
4062 language of the XML character data.
4063 o MAY contain a child element for an application-specific error
4064 condition; this element MUST be qualified by an application-
4065 specific namespace that defines the syntax and semantics of the
4066 element.
4068 The element is OPTIONAL. If included, it MUST be used only
4069 to provide descriptive or diagnostic information that supplements the
4070 meaning of a defined condition or application-specific condition. It
4071 MUST NOT be interpreted programmatically by an application. It MUST
4072 NOT be used as the error message presented to a human user, but MAY
4073 be shown in addition to the error message associated with the defined
4074 condition element (and, optionally, the application-specific
4075 condition element).
4077 9.3.3. Defined Conditions
4079 The following conditions are defined for use in stanza errors.
4081 9.3.3.1. bad-request
4083 The sender has sent a stanza containing XML that does not conform to
4084 the appropriate schema or that cannot be processed (e.g., an IQ
4085 stanza that includes an unrecognized value of the 'type' attribute,
4086 or an element that is qualified by a recognized namespace but that
4087 violates the defined syntax for the element); the associated error
4088 type SHOULD be "modify".
4090 C:
4094
4095
4097 S:
4101
4102
4103
4104
4106 9.3.3.2. conflict
4108 Access cannot be granted because an existing resource exists with the
4109 same name or address; the associated error type SHOULD be "cancel".
4111 C:
4112
4113 balcony
4114
4115
4117 S:
4118
4119
4120
4121
4123 9.3.3.3. feature-not-implemented
4125 The feature represented in the XML stanza is not implemented by the
4126 intended recipient or an intermediate server and therefore the stanza
4127 cannot be processed (e.g., the entity understands the namespace but
4128 does not recognize the element name); the associated error type
4129 SHOULD be "cancel" or "modify".
4131 C:
4135
4136
4137
4138
4140 E:
4144
4145
4147
4150
4151
4153 9.3.3.4. forbidden
4155 The requesting entity does not possess the required permissions to
4156 perform the action; the associated error type SHOULD be "auth".
4158 C:
4161
4162
4164 E:
4168
4169
4170
4172
4174 9.3.3.5. gone
4176 The recipient or server can no longer be contacted at this address,
4177 typically on a permanent basis, and no updated address is available
4178 for forwarding or redirection; the associated error type SHOULD be
4179 "cancel" or "modify" and the error stanza SHOULD include a new
4180 address as the XML character data of the element (which MUST
4181 be a URI or IRI at which the entity can be contacted, typically an
4182 XMPP IRI as specified in [XMPP-URI]).
4184 C:
4187
4188
4190 E:
4194
4195
4196 xmpp:conference.example.com
4197
4198
4199
4201 9.3.3.6. internal-server-error
4203 The server could not process the stanza because of a misconfiguration
4204 or an otherwise-undefined internal server error; the associated error
4205 type SHOULD be "wait" or "cancel".
4207 C:
4210
4211
4213 E:
4217
4218
4220
4221
4223 9.3.3.7. item-not-found
4225 The addressed JID or item requested cannot be found; the associated
4226 error type SHOULD be "cancel" or "modify".
4228 C:
4229
4230 someresource
4231
4232
4234 S:
4235
4236
4237
4238
4240 Note: An application MUST NOT return this error if doing so would
4241 provide information about the intended recipient's network
4242 availability to an entity that is not authorized to know such
4243 information; instead it MUST return a
4244 error.
4246 9.3.3.8. jid-malformed
4248 The sending entity has provided or communicated an XMPP address
4249 (e.g., a value of the 'to' attribute) or aspect thereof (e.g., an
4250 XMPP resource identifier) that does not adhere to the syntax defined
4251 under Section 3; the associated error type SHOULD be "modify".
4253 C:
4256
4257
4259 E:
4263
4264
4266
4267
4269 9.3.3.9. not-acceptable
4271 The recipient or server understands the request but is refusing to
4272 process it because it does not meet criteria defined by the recipient
4273 or server (e.g., a local policy regarding stanza size limits or
4274 acceptable words in messages); the associated error type SHOULD be
4275 "modify".
4277 C:
4278 [ ... the-emacs-manual ... ]
4279
4281 S:
4282
4283
4285
4286
4288 9.3.3.10. not-allowed
4290 The recipient or server does not allow any entity to perform the
4291 action (e.g., sending to entities at a blacklisted domain); the
4292 associated error type SHOULD be "cancel".
4294 C:
4297
4298
4300 E:
4303
4304
4305
4306
4308 9.3.3.11. not-authorized
4310 The sender needs to provide proper credentials before being allowed
4311 to perform the action, or has provided improper credentials; the
4312 associated error type SHOULD be "auth".
4314 C:
4317
4318
4320 E:
4323
4324
4325
4326
4328 9.3.3.12. not-modified
4330 The item requested has not changed since it was last requested; the
4331 associated error type SHOULD be "continue".
4333 C:
4336
4337
4338
4339 some-long-opaque-string
4340
4341
4342
4343
4345 S:
4348
4349
4350
4351 some-long-opaque-string
4352
4353
4354
4355
4356
4357
4358
4360 9.3.3.13. payment-required
4362 The requesting entity is not authorized to access the requested
4363 service because payment is required; the associated error type SHOULD
4364 be "auth".
4366 C:
4370
4371
4372
4373
4375 E:
4379
4380
4382
4383
4385 9.3.3.14. recipient-unavailable
4387 The intended recipient is temporarily unavailable; the associated
4388 error type SHOULD be "wait".
4390 C:
4393
4394
4396 E:
4399
4400
4402
4403
4405 Note: An application MUST NOT return this error if doing so would
4406 provide information about the intended recipient's network
4407 availability to an entity that is not authorized to know such
4408 information; instead it MUST return a
4409 error.
4411 9.3.3.15. redirect
4413 The recipient or server is redirecting requests for this information
4414 to another entity, typically in a temporary fashion (the
4415 condition is used for permanent addressing failures); the associated
4416 error type SHOULD be "modify" and the error stanza SHOULD contain the
4417 alternate address in the XML character data of the
4418 element (which MUST be a URI or IRI at which the entity can be
4419 contacted, typically an XMPP IRI as specified in [XMPP-URI]).
4421 C:
4424
4425
4427 E:
4431
4432
4433 xmpp:characters@conference.example.org
4434
4435
4436
4438 9.3.3.16. registration-required
4440 The requesting entity is not authorized to access the requested
4441 service because prior registration is required; the associated error
4442 type SHOULD be "auth".
4444 C:
4447
4448
4450 E:
4453
4454
4456
4457
4459 9.3.3.17. remote-server-not-found
4461 A remote server or service specified as part or all of the JID of the
4462 intended recipient does not exist; the associated error type SHOULD
4463 be "cancel".
4465 C:
4468
4469
4471 E:
4474
4475
4477
4478
4480 9.3.3.18. remote-server-timeout
4482 A remote server or service specified as part or all of the JID of the
4483 intended recipient (or required to fulfill a request) could not be
4484 contacted within a reasonable amount of time; the associated error
4485 type SHOULD be "wait".
4487 C:
4490
4491
4493 E:
4496
4497
4499
4500
4502 9.3.3.19. resource-constraint
4504 The server or recipient lacks the system resources necessary to
4505 service the request; the associated error type SHOULD be "wait".
4507 C:
4511
4512
4513
4514
4516 E:
4520
4521
4523
4524
4526 9.3.3.20. service-unavailable
4528 The server or recipient does not currently provide the requested
4529 service; the associated error type SHOULD be "cancel".
4531 C:
4533 Hello?
4534
4536 S:
4538
4539
4541
4542
4544 An application MUST return a error instead of
4545 or if sending one of the
4546 latter errors would provide information about the intended
4547 recipient's network availability to an entity that is not authorized
4548 to know such information.
4550 9.3.3.21. subscription-required
4552 The requesting entity is not authorized to access the requested
4553 service because a prior subscription is required; the associated
4554 error type SHOULD be "auth".
4556 C: help
4560
4562 E:
4566
4567
4569
4570
4572 9.3.3.22. undefined-condition
4574 The error condition is not one of those defined by the other
4575 conditions in this list; any error type can be associated with this
4576 condition, and it SHOULD be used only in conjunction with an
4577 application-specific condition.
4579 C:
4583 My lord, dispatch; read o'er these articles.
4584
4585
4588
4590 S:
4594
4598
4601
4602
4603
4605
4606
4609
4610
4611
4613 9.3.3.23. unexpected-request
4615 The recipient or server understood the request but was not expecting
4616 it at this time (e.g., the request was out of order); the associated
4617 error type SHOULD be "wait" or "modify".
4619 C:
4623
4624
4627
4628
4630 E:
4634
4635
4637
4639
4640
4642 9.3.3.24. unknown-sender
4644 The stanza 'from' address specified by a connected client is not
4645 valid for the stream (e.g., the stanza does not include a 'from'
4646 address when multiple resources are bound to the stream as described
4647 under Section 8.6.4); the associated error type SHOULD be "modify".
4649 C:
4650 Wherefore art thou?
4651
4653 S:
4655 Wherefore art thou?
4656
4657
4658
4659
4661 9.3.4. Application-Specific Conditions
4663 As noted, an application MAY provide application-specific stanza
4664 error information by including a properly-namespaced child in the
4665 error element. The application-specific element SHOULD supplement or
4666 further qualify a defined element. Thus, the element will
4667 contain two or three child elements.
4669
4670
4671
4672
4673
4674
4676
4677
4678
4680
4682 [ ... application-specific information ... ]
4683
4684
4685
4686
4688 An entity that receives an application-specific error condition it
4689 does not understand MUST ignore the condition.
4691 9.4. Extended Content
4693 While the message, presence, and IQ stanzas provide basic semantics
4694 for messaging, availability, and request-response interactions, XMPP
4695 uses XML namespaces (see [XML-NAMES] to extend the basic stanza
4696 syntax for the purpose of providing additional functionality. Thus a
4697 message or presence stanza MAY contain one or more optional child
4698 elements specifying content that extends the meaning of the message
4699 (e.g., an XHTML-formatted version of the message body as described in
4700 [XEP-0071]), and an IQ stanza of type "get" or "set" MUST contain one
4701 such child element. This child element MAY have any name and MUST
4702 possess a namespace declaration (other than "jabber:client", "jabber:
4703 server", or "http://etherx.jabber.org/streams") that defines all data
4704 contained within the child element. Such a child element is said to
4705 be EXTENDED CONTENT and its namespace name is said to be an EXTENDED
4706 NAMESPACE.
4708 Support for any given extended namespace is OPTIONAL on the part of
4709 any implementation. If an entity does not understand such a
4710 namespace, the entity's expected behavior depends on whether the
4711 entity is (1) the recipient or (2) an entity that is routing the
4712 stanza to the recipient.
4714 Recipient: If a recipient receives a stanza that contains a child
4715 element it does not understand, it MUST silently ignore that
4716 particular XML data, i.e., it MUST not process it or present it to
4717 a user or associated application (if any). In particular:
4718 * If an entity receives a message or presence stanza that
4719 contains XML data qualified by a namespace it does not
4720 understand, the portion of the stanza that qualified by the
4721 unknown namespace MUST be ignored.
4722 * If an entity receives a message stanza whose only child element
4723 is qualified by a namespace it does not understand, it MUST
4724 ignore the entire stanza.
4725 * If an entity receives an IQ stanza of type "get" or "set"
4726 containing a child element qualified by a namespace it does not
4727 understand, the entity MUST return an IQ stanza of type "error"
4728 with an error condition of .
4729 Router: If a routing entity (typically a server) handles a stanza
4730 that contains a child element it does not understand, it MUST
4731 ignore the associated XML data by routing or delivering it
4732 untouched to the recipient.
4734 9.5. Stanza Size
4736 XMPP is optimized for the exchange of relatively large numbers of
4737 relatively small stanzas. A client or server MAY enforce a maximum
4738 stanza size. The maximum stanza size MUST NOT be smaller than 10000
4739 bytes, from the opening "<" character to the closing ">" character.
4740 If an entity receives a stanza that exceeds its maximum stanza size,
4741 it MUST return a stanza error or a stream error.
4744 10. Examples
4746 10.1. Client-to-Server
4748 The following examples show the XMPP data flow for a client
4749 negotiating an XML stream with a server, exchanging XML stanzas, and
4750 closing the negotiated stream. The server is "im.example.com", the
4751 server requires use of TLS, the client authenticates via the SASL
4752 PLAIN mechanism as "juliet@im.example.com", and the client binds a
4753 client-submitted resource to the stream. It is assumed that before
4754 sending the initial stream header, the client has already resolved an
4755 SRV record of _xmpp-client._tcp.im.example.com and has opened a TCP
4756 connection to the advertised port at the resolved IP address.
4758 Note: The alternate steps shown are provided only to illustrate
4759 the protocol for failure cases; they are not exhaustive and would
4760 not necessarily be triggered by the data sent in the examples.
4762 10.1.1. TLS
4764 Step 1: Client initiates stream to server:
4766 C:
4774 Step 2: Server responds by sending a response stream header to
4775 client:
4777 S:
4790
4791
4792
4793
4795 Step 4: Client sends STARTTLS command to server:
4797 C:
4799 Step 5: Server informs client that it is allowed to proceed:
4801 S:
4803 Step 5 (alt): Server informs client that STARTTLS negotiation has
4804 failed and closes both XML stream and TCP connection:
4806 S:
4808 S:
4809 Step 6: Client and server attempt to complete TLS negotiation over
4810 the existing TCP connection (see [TLS] for details).
4812 Step 7: If TLS negotiation is successful, client initiates a new
4813 stream to server:
4815 C:
4823 Step 7 (alt): If TLS negotiation is unsuccessful, server closes TCP
4824 connection.
4826 10.1.2. SASL
4828 Step 8: Server responds by sending a stream header to client along
4829 with any available stream features:
4831 S:
4841
4842 DIGEST-MD5
4843 PLAIN
4844
4845
4846
4848 Step 9: Client selects an authentication mechanism, in this case
4849 [PLAIN]:
4851 C: UjBtMzBSMGNrcw==
4854 Step 10: Server informs client of success:
4856 S:
4858 Step 10 (alt): Server returns error to client:
4860 S:
4861
4862
4864 Step 11: Client initiates a new stream to server:
4866 C:
4888 S:
4889
4890
4891
4892
4894 Upon being so informed that resource binding is mandatory, the client
4895 needs to bind a resource to the stream; here we assume that the
4896 client submits a human-readable text string.
4898 Step 13: Client binds a resource:
4900 C:
4901
4902 balcony
4903
4904
4906 Step 14: Server accepts submitted resource identifier and informs
4907 client of successful resource binding:
4909 S:
4910
4911
4912 juliet@im.example.com/balcony
4913
4914
4915
4917 10.1.4. Stanza Exchange
4919 Now the client is allowed to send XML stanzas over the negotiated
4920 stream.
4922 C:
4925 Art thou not Romeo, and a Montague?
4926
4928 If necessary, sender's server negotiates XML streams with intended
4929 recipient's server (see Section 10.2).
4931 The intended recipient replies and the message is delivered to the
4932 client.
4934 E:
4937 Neither, fair saint, if either thee dislike.
4938
4940 The client can subsequently send and receive an unbounded number of
4941 subsequent XML stanzas over the stream.
4943 10.1.5. Close
4945 Desiring to send no further messages, the client closes the stream.
4947 C:
4949 Consistent with the recommended stream closing handshake, the server
4950 closes the stream as well:
4952 S:
4954 Client now terminates the underlying TCP connection.
4956 10.2. Server-to-Server Examples
4958 The following examples show the data flow for a server negotiating an
4959 XML stream with another server, exchanging XML stanzas, and closing
4960 the negotiated stream. The initiating server ("Server1") is
4961 im.example.com; the receiving server ("Server2") is example.net and
4962 it requires use of TLS; im.example.com presents a certificate and
4963 authenticates via the SASL EXTERNAL mechanism. It is assumed that
4964 before sending the initial stream header, Server1 has already
4965 resolved an SRV record of _xmpp-server._tcp.example.net and has
4966 opened a TCP connection to the advertised port at the resolved IP
4967 address.
4969 Note: The alternate steps shown are provided only to illustrate
4970 the protocol for failure cases; they are not exhaustive and would
4971 not necessarily be triggered by the data sent in the examples.
4973 10.2.1. TLS
4975 Step 1: Server1 initiates stream to Server2:
4977 S1:
4984 Step 2: Server2 responds by sending a response stream header to
4985 Server1:
4987 S2:
4995 Step 3: Server2 sends stream features to Server1:
4997 S2:
4998
4999
5000
5001
5003 Step 4: Server1 sends the STARTTLS command to Server2:
5005 S1:
5007 Step 5: Server2 informs Server1 that it is allowed to proceed:
5009 S2:
5011 Step 5 (alt): Server2 informs Server1 that STARTTLS negotiation has
5012 failed and closes stream:
5014 S2:
5016 S2:
5018 Step 6: Server1 and Server2 attempt to complete TLS negotiation via
5019 TCP (see [TLS] for details).
5021 Step 7: If TLS negotiation is successful, Server1 initiates a new
5022 stream to Server2:
5024 S1:
5031 Step 7 (alt): If TLS negotiation is unsuccessful, Server2 closes TCP
5032 connection.
5034 10.2.2. SASL
5036 Step 8: Server2 sends a response stream header to Server1 along with
5037 available stream features (including a preference for the SASL
5038 EXTERNAL mechanism):
5040 S2:
5048 S2:
5049
5050 EXTERNAL
5051
5052
5053
5055 Step 9: Server1 selects the EXTERNAL mechanism, in this case with an
5056 authorization identity encoded according to [BASE64]:
5058 S1: eG1wcC5leGFtcGxlLmNvbQ
5061 The decoded authorization identity is "im.example.com".
5063 Step 10: Server2 determines that the authorization identity provided
5064 by Server1 matches the information in the presented certificate and
5065 therefore returns success:
5067 S2:
5069 Step 10 (alt): Server2 informs Server1 of failed authentication:
5071 S2:
5072
5073
5075 S2:
5076 Step 11: Server1 initiates a new stream to Server2:
5078 S1:
5085 Step 12: Server2 responds by sending a stream header to Server1 along
5086 with any additional features (or, in this case, an empty features
5087 element):
5089 S2:
5097 S2:
5099 10.2.3. Stanza Exchange
5101 Now Server1 is allowed to send XML stanzas to Server2 over the
5102 negotiated stream; here we assume that the transferred stanzas are
5103 those shown earlier for client-to-server communication, albeit over a
5104 server-to-server stream qualified by the 'jabber:server' namespace.
5106 Server1 sends XML stanza to Server2:
5108 S1:
5111 Art thou not Romeo, and a Montague?
5112
5114 The intended recipient replies and the message is delivered from
5115 Server2 to Server1.
5117 Server2 sends XML stanza to Server1:
5119 S2:
5122 Neither, fair saint, if either thee dislike.
5123
5125 10.2.4. Close
5127 Desiring to send no further messages, Server1 closes the stream. (In
5128 practice, the stream would most likely remain open for some time,
5129 since Server1 and Server2 do not immediately know if the stream will
5130 be needed for further communication.)
5132 S1:
5134 Consistent with the recommended stream closing handshake, Server2
5135 closes the stream as well:
5137 S2:
5139 Server1 now terminates the underlying TCP connection.
5141 11. Server Rules for Processing XML Stanzas
5143 An XMPP server MUST ensure in-order processing of XML stanzas between
5144 any two entities. This includes stanzas sent by a client to its
5145 server for direct processing by the server (e.g., in-order processing
5146 of a roster get and initial presence as described in [XMPP-IM]).
5148 Beyond the requirement for in-order processing, each server
5149 implementation will contain its own logic for processing stanzas it
5150 receives. Such logic determines whether the server needs to ROUTE a
5151 given stanza to another domain, DELIVER it to a local entity
5152 (typically a connected client associated with a local account), or
5153 HANDLE it directly within the server itself. The following rules
5154 apply.
5156 Note: Particular XMPP applications MAY specify delivery rules that
5157 modify or supplement the following rules; for example, a set of
5158 delivery rules for instant messaging and presence applications is
5159 defined in [XMPP-IM].
5161 11.1. No 'to' Address
5163 11.1.1. Overview
5165 If the stanza possesses no 'to' attribute, the server MUST handle it
5166 directly on behalf of the entity that sent it, where the meaning of
5167 "handle it directly" depends on whether the stanza is message,
5168 presence, or IQ. Because all stanzas received from other servers
5169 MUST possess a 'to' attribute, this rule applies only to stanzas
5170 received from a local entity (such as a client) that is connected to
5171 the server.
5173 11.1.2. Message
5175 If the server receives a message stanza with no 'to' attribute, it
5176 MUST treat the message as if the 'to' address were the bare JID
5177 of the sending entity.
5179 11.1.3. Presence
5181 If the server receives a presence stanza with no 'to' attribute, it
5182 MUST broadcast it to the entities that are subscribed to the sending
5183 entity's presence, if applicable ([XMPP-IM] defines the semantics of
5184 such broadcasting for presence applications).
5186 11.1.4. IQ
5188 If the server receives an IQ stanza with no 'to' attribute, it MUST
5189 process the stanza on behalf of the account from which received the
5190 stanza, as follows:
5192 1. If the IQ stanza is of type "get" or "set" and the server
5193 understands the namespace that qualifies the payload, the server
5194 MUST handle the stanza on behalf of the sending entity or return
5195 an appropriate error to the sending entity. While the meaning of
5196 "handle" is determined by the semantics of the qualifying
5197 namespace, in general the server shall respond to the IQ stanza
5198 of type "get" or "set" by returning an appropriate IQ stanza of
5199 type "result" or "error", responding as if the server were the
5200 bare JID of the sending entity. As an example, if the sending
5201 entity sends an IQ stanza of type "get" where the payload is
5202 qualified by the 'jabber:iq:roster' namespace (as described in
5203 [XMPP-IM]), then the server shall return the roster associated
5204 with the sending entity's bare JID to the particular resource of
5205 the sending entity that requested the roster.
5206 2. If the IQ stanza is of type "get" or "set" and the server does
5207 not understand the namespace that qualifies the payload, the
5208 server MUST return an error to the sending entity, which MUST be
5209 .
5210 3. If the IQ stanza is of type "error" or "result", the server MUST
5211 handle the error or result as appropriate for the request-
5212 response interaction, responding as if the server were the bare
5213 JID of the sending entity.
5215 11.2. Local Domain
5217 If the hostname of the domain identifier portion of the JID contained
5218 in the 'to' attribute matches one of the configured hostnames of the
5219 server itself, the server MUST first determine if the hostname is
5220 serviced by the server or by a specialized local service. If the
5221 latter, the server MUST route the stanza to that service. If the
5222 former, the server MUST proceed as follows.
5224 11.2.1. Mere Domain
5226 If the JID contained in the 'to' attribute is of the form ,
5227 then the server MUST either handle the stanza as appropriate for the
5228 stanza kind or return an error stanza to the sender.
5230 11.2.2. Domain with Resource
5232 If the JID contained in the 'to' attribute is of the form , then the server MUST either handle the stanza as
5234 appropriate for the stanza kind or return an error stanza to the
5235 sender.
5237 11.2.3. Node at Domain
5239 Note: For addresses of this type, more detailed rules in the
5240 context of instant messaging and presence applications are
5241 provided in [XMPP-IM].
5243 11.2.3.1. No Such User
5245 If there is no local account associated with the , how
5246 the stanza shall be processed depends on the stanza type.
5248 o For a message stanza, the server MUST return a stanza error to the sender.
5250 o For a presence stanza, the server SHOULD silently discard the
5251 stanza.
5252 o For an IQ stanza, the server MUST return a
5253 stanza error to the sender.
5255 11.2.3.2. Bare JID
5257 If the JID contained in the 'to' attribute is of the form
5258 , how the stanza shall be processed depends on the
5259 stanza type.
5261 o For a message stanza, if there exists at least one connected
5262 resource for the node the server SHOULD deliver it to at least one
5263 of the connected resources. If there exists no connected
5264 resource, the server MUST either return an error or store the
5265 message offline for delivery when the account next has a connected
5266 resource.
5268 o For a presence stanza, if there exists at least one connected
5269 resource for the node the server SHOULD deliver it to at least one
5270 of the connected resources. If there exists no connected
5271 resource, the server MUST silently discard the stanza.
5272 o For an IQ stanza, the server MUST handle it directly on behalf of
5273 the intended recipient.
5275 11.2.3.3. Full JID
5277 If the JID contained in the 'to' attribute is of the form
5278 and there is no connected resource that
5279 exactly matches the full JID, the stanza shall be processed as if the
5280 JID were of the form .
5282 If the JID contained in the 'to' attribute is of the form
5283 and there is a connected resource that exactly
5284 matches the full JID, the server SHOULD deliver the stanza to that
5285 connected resource.
5287 11.3. Foreign Domain
5289 If the hostname of the domain identifier portion of the JID contained
5290 in the 'to' attribute does not match one of the configured hostnames
5291 of the server itself, the server SHOULD attempt to route the stanza
5292 to the foreign domain (subject to local service provisioning and
5293 security policies regarding inter-domain communication, since such
5294 communication is optional for any given deployment). There are two
5295 possible cases.
5297 11.3.1. Existing Stream
5299 If a server-to-server stream already exists between the two domains,
5300 the sender's server shall attempt to route the stanza to the
5301 authoritative server for the foreign domain over the existing stream.
5303 11.3.2. No Existing Stream
5305 If there exists no server-to-server stream between the two domains,
5306 the sender's server shall proceed as follows:
5308 1. Resolve the hostname of the foreign domain (as defined under
5309 Section 15.4).
5310 2. Negotiate a server-to-server stream between the two domains (as
5311 defined under Section 6 and Section 7).
5312 3. Route the stanza to the authoritative server for the foreign
5313 domain over the newly-established stream.
5315 11.3.3. Error Handling
5317 If routing of a stanza to the intended recipient's server is
5318 unsuccessful, the sender's server MUST return an error to the sender.
5319 If resolution of the foreign domain is unsuccessful, the stanza error
5320 MUST be . If resolution succeeds but
5321 streams cannot be negotiated, the stanza error MUST be .
5324 If stream negotiation with the intended recipient's server is
5325 successful but the foreign server cannot deliver the stanza to the
5326 recipient, the foreign server shall return an appropriate error to
5327 the sender by way of the sender's server.
5329 12. XML Usage
5331 12.1. Restrictions
5333 The Extensible Messaging and Presence Protocol (XMPP) defines a class
5334 of data objects called XML streams as well as the behavior of
5335 computer programs that process XML streams. XMPP is an application
5336 profile or restricted form of the Extensible Markup Language [XML],
5337 and a complete XML stream (including start and end stream tags) is a
5338 conforming XML document.
5340 However, XMPP does not deal with XML documents but with XML streams.
5341 Because XMPP does not require the parsing of arbitrary and complete
5342 XML documents, there is no requirement that XMPP needs to support the
5343 full feature set of [XML]. In particular, the following features of
5344 XML are prohibited in XMPP:
5346 o comments (as defined in Section 2.5 of [XML])
5347 o processing instructions (Section 2.6 therein)
5348 o internal or external DTD subsets (Section 2.8 therein)
5349 o internal or external entity references (Section 4.2 therein) with
5350 the exception of predefined entities (Section 4.6 therein)
5352 An XMPP implementation MUST behave as follows with regard to these
5353 features:
5355 1. An XMPP implementation MUST NOT inject characters matching such
5356 features into an XML stream.
5357 2. If an XMPP implementation receives characters matching such
5358 features over an XML stream, it MUST return a stream error, which
5359 SHOULD be but MAY be .
5361 12.2. XML Namespace Names and Prefixes
5363 XML namespaces (see [XML-NAMES]) are used within XMPP streams to
5364 create strict boundaries of data ownership. The basic function of
5365 namespaces is to separate different vocabularies of XML elements that
5366 are structurally mixed together. Ensuring that XMPP streams are
5367 namespace-aware enables any allowable XML to be structurally mixed
5368 with any data element within XMPP. XMPP-specific rules for XML
5369 namespace names and prefixes are defined in the following
5370 subsections.
5372 12.2.1. Streams Namespace
5374 A streams namespace declaration is REQUIRED in all XML stream headers
5375 and the name of the streams namespace MUST be
5376 'http://etherx.jabber.org/streams'. If this rule is violated, the
5377 entity that receives the offending stream header MUST return a stream
5378 error to the sending entity, which SHOULD be but
5379 MAY be .
5381 The element names of the element and its and
5382 children MUST be qualified by the streams namespace prefix
5383 in all instances. If this rule is violated, the entity that receives
5384 the offending element MUST return a stream error to the sending
5385 entity, which SHOULD be .
5387 An implementation SHOULD generate only the 'stream:' prefix for these
5388 elements, and for historical reasons MAY accept only the 'stream:'
5389 prefix. If an entity receives a stream header with a streams
5390 namespace prefix it does not accept, it MUST return a stream error to
5391 the sending entity, which SHOULD be but MAY
5392 be .
5394 12.2.2. Default Namespace
5396 A default namespace declaration is REQUIRED and defines the allowable
5397 first-level children of the root stream element. This namespace
5398 declaration MUST be the same for the initial stream and the response
5399 stream so that both streams are qualified consistently. The default
5400 namespace declaration applies to the stream and all first-level child
5401 element sent within a stream unless explicitly qualified by the
5402 streams namespace or another namespace.
5404 A server implementation MUST support the following two default
5405 namespaces:
5407 o jabber:client -- this default namespace is declared when the
5408 stream is used for communication between a client and a server
5409 o jabber:server -- this default namespace is declared when the
5410 stream is used for communication between two servers
5412 A client implementation MUST support the 'jabber:client' default
5413 namespace.
5415 If an implementation accepts a stream that is qualified by the
5416 'jabber:client' or 'jabber:server' namespace, it MUST support the
5417 common attributes (Section 9.1) and basic semantics (Section 9.2) of
5418 all three core stanza types (message, presence, and IQ).
5420 For historical reasons, an implementation MAY refuse to support any
5421 other default namespaces. If an entity receives a stream header with
5422 a default namespace it does not support, it MUST return an stream error.
5425 An implementation MUST NOT generate namespace prefixes for elements
5426 qualified by the default namespace if the default namespace is
5427 'jabber:client' or 'jabber:server'.
5429 Note: The 'jabber:client' and 'jabber:server' namespaces are
5430 nearly identical but are used in different contexts (client-to-
5431 server communication for 'jabber:client' and server-to-server
5432 communication for 'jabber:server'). The only difference between
5433 the two is that the 'to' and 'from' attributes are OPTIONAL on
5434 stanzas sent over XML streams qualified by the 'jabber:client'
5435 namespace, whereas they are REQUIRED on stanzas sent over XML
5436 streams qualified by the 'jabber:server' namespace.
5438 An implementation MAY support a default namespace other than "jabber:
5439 client" or "jabber:server". However, because such namespaces would
5440 define applications other than XMPP, they are to be defined in
5441 separate specifications.
5443 12.2.3. Extended Namespaces
5445 An EXTENDED NAMESPACE is an XML namespace that qualifies extended
5446 content as defined under Section 9.4. For example, in the following
5447 stanza, the extended namespace is 'jabber:iq:roster':
5449
5452
5453
5454 An XML stanza MAY contain XML data qualified by more than one
5455 extended namespace, either at the direct child level of the stanza
5456 (for presence and message stanzas) or in any mix of levels (for all
5457 stanzas).
5459
5460
5463
5464 sha1-hash-of-image
5465
5466
5468
5469 Hello?
5470
5471
5472 Hello?
5473
5474
5475
5477
5480
5481
5482 some-long-opaque-string
5483
5484
5485
5487 An implementation SHOULD NOT generate namespace prefixes for elements
5488 qualified by content (as opposed to stream) namespaces other than the
5489 default namespace. However, if included, the namespace declarations
5490 for those prefixes MUST be included on the stanza root or a child
5491 thereof, not at the level of the stream element (this helps to ensure
5492 that any such namespace declaration is routed and delivered with the
5493 stanza, instead of assumed from the stream).
5495 12.3. Well-Formedness
5497 There are two varieties of well-formedness:
5499 o "XML-well-formedness" in accordance with the definition of "well-
5500 formed" in Section 2.1 of [XML].
5501 o "Namespace-well-formedness" in accordance with the definition of
5502 "namespace-well-formed" in Section 7 of [XML-NAMES].
5504 The following rules apply.
5506 An XMPP entity MUST NOT generate data that is not XML-well-formed.
5507 An XMPP entity MUST NOT accept data that is not XML-well-formed;
5508 instead it MUST return an stream error and
5509 close the stream over which the data was received.
5511 An XMPP entity MUST NOT generate data that is not namespace-well-
5512 formed. An XMPP server SHOULD NOT route or deliver data that is not
5513 namespace-well-formed, and SHOULD return a stanza error of in
5515 response to the receipt of such data.
5517 Note: Because these restrictions were underspecified in an earlier
5518 revision of this specification, it is possible that
5519 implementations based on that revision will send data that does
5520 not comply with the restrictions; an entity SHOULD be liberal in
5521 accepting such data.
5523 12.4. Validation
5525 A server is not responsible for ensuring that XML data delivered to a
5526 client or routed to another server is valid, in accordance with the
5527 definition of "valid" provided in Section 2.8 of [XML]. An
5528 implementation MAY choose to accept or provide only validated data,
5529 but such behavior is OPTIONAL. A client SHOULD NOT rely on the
5530 ability to send data that does not conform to the schemas, and SHOULD
5531 ignore any non-conformant elements or attributes on the incoming XML
5532 stream.
5534 Note: The terms "valid" and "well-formed" are distinct in XML.
5536 12.5. Inclusion of Text Declaration
5538 Implementations SHOULD send a text declaration before sending a
5539 stream header. Applications MUST follow the rules provided in [XML]
5540 regarding the circumstances under which a text declaration is
5541 included.
5543 12.6. Character Encoding
5545 Implementations MUST support the UTF-8 transformation of Universal
5546 Character Set [UCS2] characters, as required by [CHARSET] and defined
5547 in [UTF-8]. Implementations MUST NOT attempt to use any other
5548 encoding. If one party to an XML stream detects that the other party
5549 has attempted to send XML data with an encoding other than UTF-8, it
5550 MUST return a stream error, which SHOULD be
5551 by MAY be .
5553 12.7. Whitespace
5555 Except where explicitly disallowed (e.g., during TLS negotiation
5556 (Section 6) and SASL negotiation (Section 7)), either entity MAY send
5557 whitespace within the root stream element as separators between XML
5558 stanzas or between any other first-level elements sent over the
5559 stream. One common use for sending such whitespace is explained
5560 under Section 5.7.3.
5562 12.8. XML Versions
5564 XMPP is an application profile of XML 1.0. A future version of XMPP
5565 might be defined in terms of higher versions of XML, but this
5566 specification addresses XML 1.0 only.
5568 13. Compliance Requirements
5570 This section summarizes the specific aspects of the Extensible
5571 Messaging and Presence Protocol that MUST be supported by servers and
5572 clients in order to be considered compliant implementations, as well
5573 as additional protocol aspects that SHOULD be supported. For
5574 compliance purposes, we draw a distinction between core protocols
5575 (which MUST be supported by any server or client, regardless of the
5576 specific application) and instant messaging and presence protocols
5577 (which MUST be supported only by instant messaging and presence
5578 applications built on top of the core protocols). Compliance
5579 requirements that apply to all servers and clients are specified in
5580 this section; compliance requirements for instant messaging and
5581 presence applications are specified in the corresponding section of
5582 [XMPP-IM].
5584 13.1. Servers
5586 A server MUST support the following core protocols in order to be
5587 considered compliant:
5589 o Conformance with [IDNA] for domain identifiers, the Nodeprep
5590 (Appendix A) profile of [STRINGPREP] for node identifiers, and the
5591 Resourceprep (Appendix B) profile of [STRINGPREP] for resource
5592 identifiers, as well as enforcement thereof for clients that
5593 authenticate with the server
5595 o XML streams (Section 5), including TLS negotiation (Section 6),
5596 SASL negotiation (Section 7), stream features (Section 5.5), and
5597 Resource Binding (Section 8)
5598 o The basic semantics of the three defined stanza types (i.e.,
5599 , , and )
5600 o Generation (and, where appropriate, handling) of error syntax and
5601 semantics related to streams, TLS, SASL, and XML stanzas
5603 For backward compatibility with the large deployed base of XMPP
5604 servers, server developers are advised to implement the server
5605 dialback protocol first specified in [RFC3920] and now documented in
5606 [XEP-0220], since that protocol is widely used for weak identity
5607 verification of peer servers in the absence of domain certificates.
5609 13.2. Clients
5611 A client MUST support the following core protocols in order to be
5612 considered compliant:
5614 o XML streams (Section 5), including TLS negotiation (Section 6),
5615 SASL negotiation (Section 7), stream features (Section 5.5), and
5616 Resource Binding (Section 8)
5617 o The basic semantics of the three defined stanza types (i.e.,
5618 , , and )
5619 o Handling (and, where appropriate, generation) of error syntax and
5620 semantics related to streams, TLS, SASL, and XML stanzas
5622 In addition, a client SHOULD support the following core protocols:
5624 o Conformance with [IDNA] for domain identifiers, the Nodeprep
5625 (Appendix A) profile of [STRINGPREP] for node identifiers, and the
5626 Resourceprep (Appendix B) profile of [STRINGPREP] for resource
5627 identifiers.
5629 14. Internationalization Considerations
5631 As specified under Section 12.6, XML streams MUST be encoded in
5632 UTF-8.
5634 As specified under Section 5.3, an XML stream SHOULD include an 'xml:
5635 lang' attribute specifying the default language for any XML character
5636 data that is intended to be presented to a human user. As specified
5637 under Section 9.1.5, an XML stanza SHOULD include an 'xml:lang'
5638 attribute if the stanza contains XML character data that is intended
5639 to be presented to a human user. A server SHOULD apply the default
5640 'xml:lang' attribute to stanzas it routes or delivers on behalf of
5641 connected entities, and MUST NOT modify or delete 'xml:lang'
5642 attributes on stanzas it receives from other entities.
5644 As specified under Section 3, a server MUST support and enforce
5645 [IDNA] for domain identifiers, the Nodeprep (Appendix A) profile of
5646 [STRINGPREP] for node identifiers, and the Resourceprep (Appendix B)
5647 profile of [STRINGPREP] for resource identifiers; this enables XMPP
5648 addresses to include a wide variety of Unicode characters outside the
5649 US-ASCII range.
5651 15. Security Considerations
5653 15.1. High Security
5655 For the purposes of XMPP communication (client-to-server and server-
5656 to-server), the term "high security" refers to the use of security
5657 technologies that provide both mutual authentication and integrity
5658 checking; in particular, when using certificate-based authentication
5659 to provide high security, a chain-of-trust SHOULD be established out-
5660 of-band, although a shared certification authority signing
5661 certificates could allow a previously unknown certificate to
5662 establish trust in-band. See Section 15.2 regarding certificate
5663 validation procedures.
5665 Implementations MUST support high security. Service provisioning
5666 SHOULD use high security, subject to local security policies.
5668 15.2. Certificates
5670 Channel encryption of an XML stream using Transport Layer Security as
5671 described under Section 6, and in some cases also authentication as
5672 described under Section 7, is commonly based on a digital certificate
5673 presented by the receiving entity (or, in the case of mutual
5674 authentication, both the receiving entity and the initiating entity).
5675 This section describes best practices regarding the generation of
5676 digital certificates to be presented by XMPP entities and the
5677 verification of digital certificates presented by XMPP entities.
5679 15.2.1. Certificate Generation
5681 15.2.1.1. Server Certificates
5683 In a digital certificate to be presented by an XMPP server (i.e., a
5684 SERVER CERTIFICATE), it is RECOMMENDED for the certificate to include
5685 one or more JIDs (i.e., domain identifiers) associated with domains
5686 serviced at the server. The representations described in the
5687 following sections are RECOMMENDED. These representations are
5688 provided in preference order.
5690 15.2.1.1.1. SRVName
5692 A server's domain identifier SHOULD be represented as an SRVName,
5693 i.e., as an otherName field of type "id-on-dnsSRV" as specified in
5694 [X509-SRV].
5696 15.2.1.1.2. dNSName
5698 A server's domain identifier SHOULD be represented as a dNSName,
5699 i.e., as a subjectAltName extension of type dNSName.
5701 The dNSName MAY contain the wildcard character '*'. The wildcard
5702 character applies only to the left-most domain name component or
5703 component fragment and matches any single component or component
5704 fragment. For instance, a dNSName of *.example.com matches
5705 foo.example.com but not bar.foo.example.com or example.com itself;
5706 similarly, a dNSName of im*.example.net matches im1.example.net and
5707 im2.example.net but not chat.example.net or example.net itself.
5709 15.2.1.1.3. XmppAddr
5711 A server's domain identifier MAY be represented as an XmppAddr, i.e.,
5712 as a UTF8String within an otherName entity inside the subjectAltName,
5713 using the [ASN.1] Object Identifier "id-on-xmppAddr" specified under
5714 Section 15.2.1.3. In server certificates, this representation is
5715 included only for the sake of backward-compatibility.
5717 15.2.1.1.4. Common Name
5719 A server's domain identifier SHOULD NOT be represented as a Common
5720 Name; instead, the Common Name field SHOULD be reserved for
5721 representation of a human-friendly name.
5723 15.2.1.1.5. Examples
5725 For our first (relatively simple) example, consider a company called
5726 "Example Products, Inc." It hosts an XMPP service at
5727 "im.example.com" (i.e., user addresses at the service are of the form
5728 "user@im.example.com"), and SRV lookups for the xmpp-client and xmpp-
5729 server services at "im.example.com" yield one machine, called
5730 "x.example.com", as follows:
5732 _xmpp-client._tcp.im.example.com. 400 IN SRV 20 0 5222 x.example.com
5733 _xmpp-server._tcp.im.example.com. 400 IN SRV 20 0 5269 x.example.com
5735 The certificate presented by x.example.com contains the following
5736 representations:
5738 o An otherName type of SRVName (id-on-dnsSRV) containing an
5739 IA5String (ASCII) string of: "_xmpp-client.im.example.com"
5740 o An otherName type of SRVName (id-on-dnsSRV) containing an
5741 IA5String (ASCII) string of: "_xmpp-server.im.example.com"
5742 o A dNSName containing an ASCII string of "im.example.com"
5743 o An otherName type of XmppAddr (id-on-xmppAddr) containing a UTF-8
5744 string of: "im.example.com"
5745 o A CN containing an ASCII string of "Example Products, Inc."
5747 For our second (more complex) example, consider an ISP called
5748 "Example Internet Services". It hosts an XMPP service at
5749 "example.net" (i.e., user addresses at the service are of the form
5750 "user@example.net"), but SRV lookups for the xmpp-client and xmpp-
5751 server services at "example.net" yield two machines ("x1.example.net"
5752 and "x2.example.net"), as follows:
5754 _xmpp-client._tcp.example.net. 68400 IN SRV 20 0 5222 x1.example.net.
5755 _xmpp-client._tcp.example.net. 68400 IN SRV 20 0 5222 x2.example.net.
5756 _xmpp-server._tcp.example.net. 68400 IN SRV 20 0 5269 x1.example.net.
5757 _xmpp-server._tcp.example.net. 68400 IN SRV 20 0 5269 x2.example.net.
5759 Example Internet Services also hosts chatrooms at chat.example.net,
5760 and provides an xmpp-server SRV record for that service as well (thus
5761 enabling entity from foreign domains to access that service). It
5762 also might provide other such services in the future, so it wishes to
5763 represent a wildcard in its certificate to handle such growth.
5765 The certificate presented by either x1.example.net or x2.example.net
5766 contains the following representations:
5768 o An otherName type of SRVName (id-on-dnsSRV) containing an
5769 IA5String (ASCII) string of: "_xmpp-client.example.net"
5770 o An otherName type of SRVName (id-on-dnsSRV) containing an
5771 IA5String (ASCII) string of: "_xmpp-server.example.net"
5772 o An otherName type of SRVName (id-on-dnsSRV) containing an
5773 IA5String (ASCII) string of: "_xmpp-server.chat.example.net"
5774 o A dNSName containing an ASCII string of "example.net"
5775 o A dNSName containing an ASCII string of "*.example.net"
5776 o An otherName type of XmppAddr (id-on-xmppAddr) containing a UTF-8
5777 string of: "example.net"
5778 o An otherName type of XmppAddr (id-on-xmppAddr) containing a UTF-8
5779 string of: "chat.example.net"
5780 o A CN containing an ASCII string of "Example Internet Services"
5782 15.2.1.2. Client Certificates
5784 In a digital certificate to be presented by an XMPP client controlled
5785 by a human user (i.e., a CLIENT CERTIFICATE), it is RECOMMENDED for
5786 the certificate to include one or more JIDs associated with an XMPP
5787 user. If included, a JID MUST be represented as an XmppAddr, i.e.,
5788 as a UTF8String within an otherName entity inside the subjectAltName,
5789 using the [ASN.1] Object Identifier "id-on-xmppAddr" specified under
5790 Section 15.2.1.3.
5792 15.2.1.3. ASN.1 Object Identifier
5794 The [ASN.1] Object Identifier "id-on-xmppAddr" (also called an
5795 XmppAddr) is defined as follows.
5797 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
5798 dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
5800 id-on OBJECT IDENTIFIER ::= { id-pkix 8 } -- other name forms
5802 id-on-xmppAddr OBJECT IDENTIFIER ::= { id-on 5 }
5804 XmppAddr ::= UTF8String
5806 As an alternative to the "id-on-xmppAddr" notation, this Object
5807 Identifier MAY be represented in dotted display format (i.e.,
5808 "1.3.6.1.5.5.7.8.5") or in the Uniform Resource Name notation
5809 specified in [URN-OID] (i.e., "urn:oid:1.3.6.1.5.5.7.8.5").
5811 Thus for example the JID "juliet@im.example.com" as included in a
5812 certificate could be formatted in any of the following three ways:
5814 id-on-xmppAddr:
5815 subjectAltName=otherName:id-on-xmppAddr;UTF8:juliet@im.example.com
5816 dotted display format: subjectAltName=otherName:
5817 1.3.6.1.5.5.7.8.5;UTF8:juliet@im.example.com
5818 URN notation: subjectAltName=otherName:urn:oid:
5819 1.3.6.1.5.5.7.8.5;UTF8:juliet@im.example.com
5821 Use of the "id-on-xmppAddr" format is RECOMMENDED in the generation
5822 of certificates, but all three formats MUST be supported for the
5823 purpose of certificate validation.
5825 15.2.2. Certificate Validation
5827 When an XMPP entity is presented with a server certificate or client
5828 certificate by a peer for the purpose of encryption or authentication
5829 of XML streams as described under Section 6 and Section 7, the entity
5830 MUST validate the certificate to determine if the certificate shall
5831 be considered a TRUSTED CERTIFICATE, i.e., a certificate that is
5832 acceptable for encryption and/or authentication in accordance with
5833 the XMPP entity's local service policies or configured settings.
5835 For both server certificates and client certificates, the validating
5836 entity MUST verify the integrity of the certificate, MUST verify that
5837 the certificate has been properly signed by the issuing Certificate
5838 Authority, and MUST support certificate revocation messages. An
5839 implementation MUST enable a human user to view information about the
5840 full chain of certificates.
5842 The following sections describe certificate validation rules for
5843 server-to-server and client-to-server streams.
5845 15.2.2.1. Server-to-Server Streams
5847 When an XMPP entity (client or server) validates a certificate
5848 presented by an XMPP server, there are three possible cases, as
5849 discussed in the following sections.
5851 15.2.2.1.1. Case #1
5853 If the server certificate appears to be certified by a chain of
5854 certificates terminating in a trust anchor (as described in Section
5855 6.1 of [X509]), the entity MUST check the certificate for any
5856 instances of the SRVName, dNSName, and XmppAddr (in that order of
5857 preference) as described under Section 15.2.1.1.1,
5858 Section 15.2.1.1.2, and Section 15.2.1.1.3. There are three possible
5859 sub-cases:
5861 Sub-Case #1: The entity finds at least one SRVName, dNSName, or
5862 XmppAddr that matches the hostname to which it attempted to
5863 connect; the entity MUST use this represented domain identifier as
5864 the validated identity of the XMPP server. The server certificate
5865 MUST be checked against the hostname as provided by the entity
5866 (client or server), not the hostname as resolved via the Domain
5867 Name System; e.g., if a user specifies a hostname of "example.net"
5868 but a [DNS-SRV] lookup returns "x1.example.net", the certificate
5869 MUST be checked as "example.net". A user-oriented client MAY
5870 provide a configuration setting that enables a human user to
5871 explicitly specify a hostname to be checked for connection
5872 purposes.
5873 Sub-Case #2: The entity finds no SRVName, dNSName, or XmppAddr that
5874 matches the hostname to which it attempted to connect and a human
5875 user has not permanently accepted the certificate during a
5876 previous connection attempt; the entity MUST NOT use the
5877 represented domain identifier (if any) as the validated identity
5878 of the XMPP server. Instead, if the connecting entity is a user-
5879 oriented client then it MUST either (1) automatically terminate
5880 the connection with a bad certificate error or (2) show the
5881 certificate (including the entire certificate chain) to the user
5882 and give the user the choice of terminating the connecting or
5883 accepting the certificate temporarily (i.e., for this connection
5884 attempt only) or permanently (i.e., for all future connection
5885 attempts) and then continuing with the connection; if a user
5886 permanently accepts a certificate in this way, the client MUST
5887 cache the certificate (or some non-forgeable representation such
5888 as a hash) and in future connection attempts behave as in Sub-Case
5889 #3. (It is the resposibility of the human user to verify the hash
5890 or fingerprint of the certificate with the peer over a trusted
5891 communication layer.) If the connecting entity is an XMPP server
5892 or an automated client, the application SHOULD terminate the
5893 connection (with a bad certificate error) and log the error to an
5894 appropriate audit log; an XMPP server or automated client MAY
5895 provide a configuration setting that disables this check, but MUST
5896 provide a setting that enables the check.
5897 Sub-Case #3: The entity finds no SRVName, dNSName, or XmppAddr that
5898 matches the hostname to which it attempted to connect but a human
5899 user has permanently accepted the certificate during a previous
5900 connection attempt; the entity MUST verify that the cached
5901 certificate was presented and MUST notify the user if the
5902 certificate has changed.
5904 15.2.2.1.2. Case #2
5906 If the server certificate is certified by a Certificate Authority not
5907 known to the entity, the entity MUST proceed as under Case #1, Sub-
5908 Case #2 or Case #1, Sub-Case #3 as appropriate.
5910 15.2.2.1.3. Case #3
5912 If the server certificate is self-signed, the entity MUST proceed as
5913 under Case #1, Sub-Case #2 or Case #1, Sub-Case #3 as appropriate.
5915 15.2.2.2. Client-to-Server Streams
5917 When an XMPP server validates a certificate presented by a client,
5918 there are three possible cases, as discussed in the following
5919 sections.
5921 15.2.2.2.1. Case #1
5923 If the client certificate appears to be certified by a chain of
5924 certificates terminating in a trust anchor (as described in Section
5925 6.1 of [X509]), the server MUST check the certificate for any
5926 instances of the XmppAddr as described under Section 15.2.1.3. There
5927 are three possible sub-cases:
5929 Sub-Case #1: The server finds one XmppAddr for which the domain
5930 identifier portion of the represented JID matches one of the
5931 configured hostnames of the server itself; the server SHOULD use
5932 this represented JID as the validated identity of the client.
5933 Sub-Case #2: The server finds more than one XmppAddr for which the
5934 domain identifier portion of the represented JID matches one of
5935 the configured hostnames of the server itself; the server SHOULD
5936 use one of these represented JIDs as the validated identity of the
5937 client, choosing among them according to local service policies or
5938 based on the 'to' address of the initial stream header.
5939 Sub-Case #3: The server finds no XmppAddrs, or finds at least one
5940 XmppAddr but the domain identifier portion of the represented JID
5941 does not match one of the configured hostnames of the server
5942 itself; the server MUST NOT use the represented JID (if any) as
5943 the validated identity of the client but instead MUST either
5944 validate the identity of the client using other means.
5946 15.2.2.2.2. Case #2
5948 If the client certificate is certified by a Certificate Authority not
5949 known to the server, the server MUST proceed as under Case #1, Sub-
5950 Case #3.
5952 15.2.2.2.3. Case #3
5954 If the client certificate is self-signed, the server MUST proceed as
5955 under Case #1, Sub-Case #3.
5957 15.2.2.3. Use of Certificates in XMPP Extensions
5959 Certificates MAY be used in extensions to XMPP for the purpose of
5960 application-layer encryption or authentication above the level of XML
5961 streams (e.g., for end-to-end encryption). Such extensions shall
5962 define their own certificate handling rules, which at a minimum
5963 SHOULD be consistent with the rules specified herein but MAY specify
5964 additional rules.
5966 15.3. Client-to-Server Communication
5968 A compliant client implementation MUST support both TLS and SASL for
5969 connections to a server.
5971 The TLS protocol for encrypting XML streams (defined under Section 6)
5972 provides a reliable mechanism for helping to ensure the
5973 confidentiality and data integrity of data exchanged between two
5974 entities.
5976 The SASL protocol for authenticating XML streams (defined under
5977 Section 7) provides a reliable mechanism for validating that a client
5978 connecting to a server is who it claims to be.
5980 Client-to-server communication MUST NOT proceed until the DNS
5981 hostname asserted by the server has been resolved as specified under
5982 Section 4. If there is a mismatch between the hostname to which a
5983 client attempted to connect (e.g., "example.net") and the hostname to
5984 which the client actually connects (e.g., "x1.example.net"), the
5985 client MUST warn a human user about the mismatch and the human user
5986 MUST approve the connection before the client proceeds; however, the
5987 client MAY also allow the user to add the presented hostname to a
5988 configured set of accepted hostnames to expedite future connections.
5990 A client's IP address and method of access MUST NOT be made public by
5991 a server, nor are any connections other than the original server
5992 connection required. This helps to protect the client's server from
5993 direct attack or identification by third parties.
5995 15.4. Server-to-Server Communication
5997 A compliant server implementation MUST support both TLS and SASL for
5998 inter-domain communication.
6000 Because service provisioning is a matter of policy, it is optional
6001 for any given domain to communicate with other domains, and server-
6002 to-server communication can be disabled by the administrator of any
6003 given deployment. If a particular domain enables inter-domain
6004 communication, it SHOULD enable high security.
6006 Administrators might want to require use of SASL for server-to-server
6007 communication to ensure both authentication and confidentiality
6008 (e.g., on an organization's private network). Compliant
6009 implementations SHOULD support SASL for this purpose.
6011 Server-to-server communication MUST NOT proceed until the DNS
6012 hostnames asserted by both servers have been resolved as specified
6013 under Section 4.
6015 15.5. Order of Layers
6017 The order of layers in which protocols MUST be stacked is:
6019 1. TCP
6020 2. TLS
6021 3. SASL
6022 4. XMPP
6024 The rationale for this order is that [TCP] is the base connection
6025 layer used by all of the protocols stacked on top of TCP, [TLS] is
6026 often provided at the operating system layer, [SASL] is often
6027 provided at the application layer, and XMPP is the application
6028 itself.
6030 15.6. Lack of SASL Channel Binding to TLS
6032 The SASL framework itself does not provide a method for binding SASL
6033 authentication to a security layer providing confidentiality and
6034 integrity protection that was negotiated at a lower layer. Such a
6035 binding is known as a "channel binding" (see [CHANNEL]). Some SASL
6036 mechanisms provide channel bindings. However, if a SASL mechanism
6037 does not provide a channel binding, then the mechanism cannot provide
6038 a way to verify that the source and destination end points to which
6039 the lower layer's security is bound are equivalent to the end points
6040 that SASL is authenticating; furthermore, if the end points are not
6041 identical, then the lower layer's security cannot be trusted to
6042 protect data transmitted between the SASL-authenticated entities. In
6043 such a situation, a SASL security layer SHOULD be negotiated that
6044 effectively ignores the presence of the lower-layer security.
6046 15.7. Mandatory-to-Implement Technologies
6048 At a minimum, all implementations MUST support the following
6049 mechanisms:
6051 for confidentiality only: TLS (using the
6052 TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher)
6053 for both confidentiality and authentication: TLS plus the SASL PLAIN
6054 mechanism (See [PLAIN]) for password-based authentication and TLS
6055 plus the SASL EXTERNAL mechanism (see Appendix A of [SASL]) for
6056 non-password-based authentication (using the
6057 TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher supporting peer certificates)
6059 Naturally, implementations MAY support other ciphers with TLS and MAY
6060 support other SASL mechanisms.
6062 Note: The use of TLS plus SASL PLAIN replaces the SASL DIGEST-MD5
6063 mechanism as XMPP's mandatory-to-implement password-based method
6064 for authentication. For backward-compatibility, implementations
6065 are encouraged to continue supporting the SASL DIGEST-MD5
6066 mechanism as specified in [DIGEST-MD5]. Refer to [PLAIN] for
6067 important security considerations related to the SASL PLAIN
6068 mechanism.
6070 15.8. Firewalls
6072 Communication using XMPP normally occurs over TCP connections on port
6073 5222 (client-to-server) or port 5269 (server-to-server), as
6074 registered with the IANA (see Section 16). Use of these well-known
6075 ports allows administrators to easily enable or disable XMPP activity
6076 through existing and commonly-deployed firewalls.
6078 15.9. Use of base64 in SASL
6080 Both the client and the server MUST verify any base64 data received
6081 during SASL negotiation (Section 7). An implementation MUST reject
6082 (not ignore) any characters that are not explicitly allowed by the
6083 base64 alphabet; this helps to guard against creation of a covert
6084 channel that could be used to "leak" information.
6086 An implementation MUST NOT break on invalid input and MUST reject any
6087 sequence of base64 characters containing the pad ('=') character if
6088 that character is included as something other than the last character
6089 of the data (e.g., "=AAA" or "BBBB=CCC"); this helps to guard against
6090 buffer overflow attacks and other attacks on the implementation.
6092 While base 64 encoding visually hides otherwise easily recognized
6093 information (such as passwords), it does not provide any
6094 computational confidentiality.
6096 All uses of base 64 encoding MUST follow the definition in Section 4
6097 of [BASE64] and padding bits MUST be set to zero.
6099 15.10. Stringprep Profiles
6101 XMPP makes use of the [NAMEPREP] profile of [STRINGPREP] for
6102 processing of domain identifiers; for security considerations related
6103 to Nameprep, refer to the appropriate section of [NAMEPREP].
6105 In addition, XMPP defines two profiles of [STRINGPREP]: Nodeprep
6106 (Appendix A) for node identifiers and Resourceprep (Appendix B) for
6107 resource identifiers.
6109 The Unicode and ISO/IEC 10646 repertoires have many characters that
6110 look similar. In many cases, users of security protocols might
6111 perform visual matching, such as when comparing the names of trusted
6112 third parties. Because it is impossible to map similar-looking
6113 characters without a great deal of context (such as knowing the fonts
6114 used), stringprep does nothing to map similar-looking characters
6115 together, nor to prohibit some characters because they look like
6116 others.
6118 A node identifier can be employed as one part of an entity's address
6119 in XMPP. One common usage is as the username of an instant messaging
6120 user; another is as the name of a multi-user conference room; and
6121 many other kinds of entities could use node identifiers as part of
6122 their addresses. The security of such services could be compromised
6123 based on different interpretations of the internationalized node
6124 identifier; for example, a user entering a single internationalized
6125 node identifier could access another user's account information, or a
6126 user could gain access to a hidden or otherwise restricted chat room
6127 or service.
6129 A resource identifier can be employed as one part of an entity's
6130 address in XMPP. One common usage is as the name for an instant
6131 messaging user's connected resource; another is as the nickname of a
6132 user in a multi-user conference room; and many other kinds of
6133 entities could use resource identifiers as part of their addresses.
6134 The security of such services could be compromised based on different
6135 interpretations of the internationalized resource identifier; for
6136 example, a user could attempt to initiate multiple connections with
6137 the same name, or a user could send a message to someone other than
6138 the intended recipient in a multi-user conference room.
6140 15.11. Address Spoofing
6142 As discussed in [XEP-0165], there are two forms of address spoofing:
6143 forging and mimicking.
6145 15.11.1. Address Forging
6147 In the context of XMPP technologies, address forging occurs when an
6148 entity is able to generate an XML stanza whose 'from' address does
6149 not correspond to the account credentials with which the entity
6150 authenticated onto the network (or an authorization identity provided
6151 during SASL negotiation (Section 7)). For example, address forging
6152 occurs if an entity that authenticated as "juliet@im.example.com" is
6153 able to send XML stanzas from "nurse@im.example.com" or
6154 "romeo@example.net".
6156 Address forging is difficult in XMPP systems, given the requirement
6157 for sending servers to stamp 'from' addresses and for receiving
6158 servers to verify sending domains via server-to-server
6159 authentication. However, address forging is not impossible, since a
6160 rogue server could forge JIDs at the sending domain by ignoring the
6161 stamping requirement. A rogue server could even forge JIDs at other
6162 domains by means of a DNS poisoning attack if [DNSSEC] is not used.
6163 This specification does not define methods for discovering or
6164 counteracting such rogue servers.
6166 15.11.2. Address Mimicking
6168 Address mimicking occus when an entity provides legitimate
6169 authentication credentials for and sends XML stanzas from an account
6170 whose JID appears to a human user to be the same as another JID. For
6171 example, in some XMPP clients the address "paypa1@example.org"
6172 (spelled with the number one as the final character of the node
6173 identifier) might appear to be the same as "paypal@example.org
6174 (spelled with the lower-case version of the letter "L"), especially
6175 on casual visual inspection; this phenomenon is sometimes called
6176 "typejacking". A more sophisticated example of address mimicking
6177 might involve the use of characters from outside the US-ASCII range,
6178 such as the Cherokee characters U+13DA U+13A2 U+13B5 U+13AC U+13A2
6179 U+13AC U+13D2 instead of the US-ASCII characters "STPETER".
6181 In some examples of address mimicking, it is unlikely that the
6182 average user could tell the difference between the real JID and the
6183 fake JID. (Naturally, there is no way to distinguish with full
6184 certainty which is the fake JID and which is the real JID; in some
6185 communication contexts, the JID with Cherokee characters might be the
6186 real JID and the JID with US-ASCII characters might thus appear to be
6187 the fake JID.) Because JIDs can contain almost any Unicode
6188 character, it can be relatively easy to mimic some JIDs in XMPP
6189 systems. The possibility of address mimicking introduces security
6190 vulnerabilities of the kind that have also plagued the World Wide
6191 Web, specifically the phenomenon known as phishing.
6193 Mimicked addresses that involve characters from only one character
6194 set or from the character set typically employed by a particular user
6195 are not easy to combat (e.g., the simple typejacking attack
6196 previously described, which relies on a surface similarity between
6197 the characters "1" and "l" in some presentations). However, mimicked
6198 addresses that involve characters from more than one character set,
6199 or from a character set not typically employed by a particular user,
6200 can be mitigated somewhat through intelligent presentation. In
6201 particular, every human user of an XMPP technology presumably has a
6202 preferred language (or, in some cases, a small set of preferred
6203 languages), which an XMPP application SHOULD gather either explicitly
6204 from the user or implicitly via the operating system of the user's
6205 device. Furthermore, every language has a range (or a small set of
6206 ranges) of characters normally used to represent that language in
6207 textual form. Therefore, an XMPP application SHOULD warn the user
6208 when presenting a JID that uses characters outside the normal range
6209 of the user's preferred language(s). This recommendation is not
6210 intended to discourage communication across language communities;
6211 instead, it recognizes the existence of such language communities and
6212 encourages due caution when presenting unfamiliar character sets to
6213 human users.
6215 For more detailed recommendations regarding prevention of address
6216 mimicking in XMPP systems, refer to [XEP-0165].
6218 15.12. Denial of Service
6220 [DOS] defines denial of service as follows:
6222 A Denial-of-Service (DoS) attack is an attack in which one or more
6223 machines target a victim and attempt to prevent the victim from
6224 doing useful work. The victim can be a network server, client or
6225 router, a network link or an entire network, an individual
6226 Internet user or a company doing business using the Internet, an
6227 Internet Service Provider (ISP), country, or any combination of or
6228 variant on these.
6230 [XEP-0205] provides a detailed discussion of potential denial of
6231 service attacks against XMPP systems and best practices for
6232 preventing such attacks. The recommendations include:
6234 1. A server implementation SHOULD enable a server administrator to
6235 limit the number of TCP connections that it will accept from a
6236 given IP address at any one time. If an entity attempts to
6237 connect but the maximum number of TCP connections has been
6238 reached, the receiving server MUST NOT allow the new connection
6239 to proceed.
6240 2. A server implementation SHOULD enable a server administrator to
6241 limit the number of TCP connection attempts that it will accept
6242 from a given IP address in a given time period. (While it is
6243 possible to limit the number of connections at the TCP layer
6244 rather than at the XMPP application layer, this is not advisable
6245 because limits at the TCP layer might result in an inability to
6246 access non-XMPP services.) If an entity attempts to connect but
6247 the maximum number of connections has been reached, the receiving
6248 server MUST NOT allow the new connection to proceed.
6249 3. A server MUST NOT process XML stanzas from clients that have not
6250 yet provided appropriate authentication credentials and MUST NOT
6251 process XML stanzas from peer servers whose identity it has not
6252 either authenticated via SASL or weakly verified via server
6253 dialback (see [XEP-0220]).
6254 4. A server implementation SHOULD enable a server administrator to
6255 limit the number of connected resources it will allow an account
6256 to bind at any one time. If a client attempts to bind a resource
6257 but it has already reached the configured number of allowable
6258 resources, the receiving server MUST return a stanza error.
6260 5. A server implementation SHOULD enable a server administrator to
6261 limit the size of stanzas it will accept from a connected client
6262 or peer server. If a connected resource or peer server sends a
6263 stanza that violates the upper limit, the receiving server SHOULD
6264 NOT process the stanza and instead SHOULD return a
6265 stanza error. Alternatively (e.g., if the sender has sent an
6266 egregiously large stanza), the server MAY instead return a
6267 stream error.
6268 6. A server implementation SHOULD enable a server administrator to
6269 limit the number of XML stanzas that a connected client is
6270 allowed to send to distinct recipients within a given time
6271 period. If a connected client sends too many stanzas to distinct
6272 recipients in a given time period, the receiving server SHOULD
6273 NOT process the stanza and instead SHOULD return an stanza error.
6275 7. A server implementation SHOULD enable a server administrator to
6276 limit the amount of bandwidth it will allow a connected client or
6277 peer server to use in a given time period.
6278 8. A server implementation MAY enable a server administrator to
6279 limit the types of stanzas (based on the extended content
6280 "payload") that it will allow a connected resource or peer server
6281 send over an active connection. Such limits and restrictions are
6282 a matter of deployment policy.
6283 9. A server implementation MAY refuse to route or deliver any stanza
6284 that it considers to be abusive, with or without returning an
6285 error to the sender.
6287 For more detailed recommendations regarding denial of service attacks
6288 in XMPP systems, refer to [XEP-0205].
6290 15.13. Presence Leaks
6292 One of the core aspects of XMPP is presence: information about the
6293 network availability of an XMPP entity (i.e., whether the entity is
6294 currently online or offline). A PRESENCE LEAK occurs when an
6295 entity's network availability is inadvertently and involuntarily
6296 revealed to a second entity that is not authorized to know the first
6297 entity's network availability.
6299 Although presence is discussed more fully in [XMPP-IM], it is
6300 important to note that an XMPP server MUST NOT leak presence. In
6301 particular at the core XMPP level, real-time addressing and network
6302 availability is associated with a specific connected resource;
6303 therefore, any disclosure of a connected resource's full JID
6304 comprises a presence leak. To help prevent such a presence leak, a
6305 server MUST NOT return different stanza errors if a potential
6306 attacker sends XML stanzas to the entity's bare JID ()
6307 or full JID ().
6309 15.14. Directory Harvesting
6311 To help prevent directory harvesting attacks, a server MUST NOT
6312 return different stanza errors if a potential attacker sends XML
6313 stanzas to an existing entity or a nonexistent entity.
6315 16. IANA Considerations
6317 The following sections update the registrations provided in
6318 [RFC3920].
6320 16.1. XML Namespace Name for TLS Data
6322 A URN sub-namespace for STARTTLS negotiation data in the Extensible
6323 Messaging and Presence Protocol (XMPP) is defined as follows. (This
6324 namespace name adheres to the format defined in [XML-REG].)
6326 URI: urn:ietf:params:xml:ns:xmpp-tls
6327 Specification: XXXX
6328 Description: This is the XML namespace name for STARTTLS negotiation
6329 data in the Extensible Messaging and Presence Protocol (XMPP) as
6330 defined by XXXX.
6331 Registrant Contact: IETF, XMPP Working Group,
6333 16.2. XML Namespace Name for SASL Data
6335 A URN sub-namespace for SASL negotiation data in the Extensible
6336 Messaging and Presence Protocol (XMPP) is defined as follows. (This
6337 namespace name adheres to the format defined in [XML-REG].)
6339 URI: urn:ietf:params:xml:ns:xmpp-sasl
6340 Specification: XXXX
6341 Description: This is the XML namespace name for SASL negotiation
6342 data in the Extensible Messaging and Presence Protocol (XMPP) as
6343 defined by XXXX.
6344 Registrant Contact: IETF, XMPP Working Group,
6346 16.3. XML Namespace Name for Stream Errors
6348 A URN sub-namespace for stream error data in the Extensible Messaging
6349 and Presence Protocol (XMPP) is defined as follows. (This namespace
6350 name adheres to the format defined in [XML-REG].)
6351 URI: urn:ietf:params:xml:ns:xmpp-streams
6352 Specification: XXXX
6353 Description: This is the XML namespace name for stream error data in
6354 the Extensible Messaging and Presence Protocol (XMPP) as defined
6355 by XXXX.
6356 Registrant Contact: IETF, XMPP Working Group,
6358 16.4. XML Namespace Name for Resource Binding
6360 A URN sub-namespace for resource binding in the Extensible Messaging
6361 and Presence Protocol (XMPP) is defined as follows. (This namespace
6362 name adheres to the format defined in [XML-REG].)
6364 URI: urn:ietf:params:xml:ns:xmpp-bind
6365 Specification: XXXX
6366 Description: This is the XML namespace name for resource binding in
6367 the Extensible Messaging and Presence Protocol (XMPP) as defined
6368 by XXXX.
6369 Registrant Contact: IETF, XMPP Working Group,
6371 16.5. XML Namespace Name for Stanza Errors
6373 A URN sub-namespace for stanza error data in the Extensible Messaging
6374 and Presence Protocol (XMPP) is defined as follows. (This namespace
6375 name adheres to the format defined in [XML-REG].)
6377 URI: urn:ietf:params:xml:ns:xmpp-stanzas
6378 Specification: XXXX
6379 Description: This is the XML namespace name for stanza error data in
6380 the Extensible Messaging and Presence Protocol (XMPP) as defined
6381 by XXXX.
6382 Registrant Contact: IETF, XMPP Working Group,
6384 16.6. Nodeprep Profile of Stringprep
6386 The Nodeprep profile of stringprep is defined under Nodeprep
6387 (Appendix A). The IANA has registered Nodeprep in the stringprep
6388 profile registry.
6390 Name of this profile:
6392 Nodeprep
6394 RFC in which the profile is defined:
6396 XXXX
6398 Indicator whether or not this is the newest version of the profile:
6400 This is the first version of Nodeprep
6402 16.7. Resourceprep Profile of Stringprep
6404 The Resourceprep profile of stringprep is defined under Resourceprep
6405 (Appendix B). The IANA has registered Resourceprep in the stringprep
6406 profile registry.
6408 Name of this profile:
6410 Resourceprep
6412 RFC in which the profile is defined:
6414 XXXX
6416 Indicator whether or not this is the newest version of the profile:
6418 This is the first version of Resourceprep
6420 16.8. GSSAPI Service Name
6422 The IANA has registered "xmpp" as a GSSAPI [GSS-API] service name, as
6423 defined under Section 7.5.
6425 16.9. Port Numbers
6427 The IANA has registered "xmpp-client" and "xmpp-server" as keywords
6428 for [TCP] ports 5222 and 5269 respectively.
6430 These ports SHOULD be used for client-to-server and server-to-server
6431 communications respectively, but other ports MAY be used.
6433 17. References
6435 17.1. Normative References
6437 [ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
6438 Specifications: ABNF", STD 68, RFC 5234, January 2008.
6440 [BASE64] Josefsson, S., "The Base16, Base32, and Base64 Data
6441 Encodings", RFC 4648, October 2006.
6443 [CHARSET] Alvestrand, H., "IETF Policy on Character Sets and
6444 Languages", BCP 18, RFC 2277, January 1998.
6446 [DNS] Mockapetris, P., "Domain names - implementation and
6447 specification", STD 13, RFC 1035, November 1987.
6449 [DNS-SRV] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
6450 specifying the location of services (DNS SRV)", RFC 2782,
6451 February 2000.
6453 [IDNA] Faltstrom, P., Hoffman, P., and A. Costello,
6454 "Internationalizing Domain Names in Applications (IDNA)",
6455 RFC 3490, March 2003.
6457 [LANGTAGS]
6458 Phillips, A. and M. Davis, "Tags for Identifying
6459 Languages", BCP 47, RFC 4646, September 2006.
6461 [NAMEPREP]
6462 Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep
6463 Profile for Internationalized Domain Names (IDN)",
6464 RFC 3491, March 2003.
6466 [PLAIN] Zeilenga, K., "The PLAIN Simple Authentication and
6467 Security Layer (SASL) Mechanism", RFC 4616, August 2006.
6469 [RANDOM] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
6470 Requirements for Security", BCP 106, RFC 4086, June 2005.
6472 [SASL] Melnikov, A. and K. Zeilenga, "Simple Authentication and
6473 Security Layer (SASL)", RFC 4422, June 2006.
6475 [STRINGPREP]
6476 Hoffman, P. and M. Blanchet, "Preparation of
6477 Internationalized Strings ("stringprep")", RFC 3454,
6478 December 2002.
6480 [TCP] Postel, J., "Transmission Control Protocol", STD 7,
6481 RFC 793, September 1981.
6483 [TERMS] Bradner, S., "Key words for use in RFCs to Indicate
6484 Requirement Levels", BCP 14, RFC 2119, March 1997.
6486 [TLS] Dierks, T. and E. Rescorla, "The Transport Layer Security
6487 (TLS) Protocol Version 1.1", RFC 4346, April 2006.
6489 [UCS2] International Organization for Standardization,
6490 "Information Technology - Universal Multiple-octet coded
6491 Character Set (UCS) - Amendment 2: UCS Transformation
6492 Format 8 (UTF-8)", ISO Standard 10646-1 Addendum 2,
6493 October 1996.
6495 [UNICODE] The Unicode Consortium, "The Unicode Standard, Version
6496 3.2.0", 2000.
6498 The Unicode Standard, Version 3.2.0 is defined by The
6499 Unicode Standard, Version 3.0 (Reading, MA, Addison-
6500 Wesley, 2000. ISBN 0-201-61633-5), as amended by the
6501 Unicode Standard Annex #27: Unicode 3.1
6502 (http://www.unicode.org/reports/tr27/) and by the Unicode
6503 Standard Annex #28: Unicode 3.2
6504 (http://www.unicode.org/reports/tr28/).
6506 [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO
6507 10646", STD 63, RFC 3629, November 2003.
6509 [UUID] Leach, P., Mealling, M., and R. Salz, "A Universally
6510 Unique IDentifier (UUID) URN Namespace", RFC 4122,
6511 July 2005.
6513 [URI] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
6514 Resource Identifier (URI): Generic Syntax", STD 66,
6515 RFC 3986, January 2005.
6517 [X509] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
6518 X.509 Public Key Infrastructure Certificate and
6519 Certificate Revocation List (CRL) Profile", RFC 3280,
6520 April 2002.
6522 [X509-SRV]
6523 Santesson, S., "Internet X.509 Public Key Infrastructure
6524 Subject Alternative Name for Expression of Service Name",
6525 RFC 4985, August 2007.
6527 [XML] Paoli, J., Maler, E., Sperberg-McQueen, C., Yergeau, F.,
6528 and T. Bray, "Extensible Markup Language (XML) 1.0 (Fourth
6529 Edition)", World Wide Web Consortium Recommendation REC-
6530 xml-20060816, August 2006,
6531 .
6533 [XML-NAMES]
6534 Layman, A., Hollander, D., Tobin, R., and T. Bray,
6535 "Namespaces in XML 1.1 (Second Edition)", World Wide Web
6536 Consortium Recommendation REC-xml-names11-20060816,
6537 August 2006, .
6539 17.2. Informative References
6541 [ACAP] Newman, C. and J. Myers, "ACAP -- Application
6542 Configuration Access Protocol", RFC 2244, November 1997.
6544 [ANONYMOUS]
6545 Zeilenga, K., "Anonymous Simple Authentication and
6546 Security Layer (SASL) Mechanism", RFC 4505, June 2006.
6548 [ASN.1] CCITT, "Recommendation X.208: Specification of Abstract
6549 Syntax Notation One (ASN.1)", 1988.
6551 [CHANNEL] Williams, N., "On the Use of Channel Bindings to Secure
6552 Channels", RFC 5056, November 2007.
6554 [DIGEST-MD5]
6555 Leach, P. and C. Newman, "Using Digest Authentication as a
6556 SASL Mechanism", RFC 2831, May 2000.
6558 [DNSSEC] Arends, R., Austein, R., Larson, M., Massey, D., and S.
6559 Rose, "DNS Security Introduction and Requirements",
6560 RFC 4033, March 2005.
6562 [DNS-TXT] Rosenbaum, R., "Using the Domain Name System To Store
6563 Arbitrary String Attributes", RFC 1464, May 1993.
6565 [DOS] Handley, M., Rescorla, E., and IAB, "Internet Denial-of-
6566 Service Considerations", RFC 4732, December 2006.
6568 [GSS-API] Linn, J., "Generic Security Service Application Program
6569 Interface Version 2, Update 1", RFC 2743, January 2000.
6571 [HTTP] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
6572 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
6573 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
6575 [IMAP] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
6576 4rev1", RFC 3501, March 2003.
6578 [IMP-REQS]
6579 Day, M., Aggarwal, S., and J. Vincent, "Instant Messaging
6580 / Presence Protocol Requirements", RFC 2779,
6581 February 2000.
6583 [IRI] Duerst, M. and M. Suignard, "Internationalized Resource
6584 Identifiers (IRIs)", RFC 3987, January 2005.
6586 [LINKLOCAL]
6587 Cheshire, S., Aboba, B., and E. Guttman, "Dynamic
6588 Configuration of IPv4 Link-Local Addresses", RFC 3927,
6589 May 2005.
6591 [MAILBOXES]
6592 Crocker, D., "MAILBOX NAMES FOR COMMON SERVICES, ROLES AND
6593 FUNCTIONS", RFC 2142, May 1997.
6595 [POP3] Myers, J. and M. Rose, "Post Office Protocol - Version 3",
6596 STD 53, RFC 1939, May 1996.
6598 [PUNYCODE]
6599 Costello, A., "Punycode: A Bootstring encoding of Unicode
6600 for Internationalized Domain Names in Applications
6601 (IDNA)", RFC 3492, March 2003.
6603 [RFC3920] Saint-Andre, P., Ed., "Extensible Messaging and Presence
6604 Protocol (XMPP): Core", RFC 3920, October 2004.
6606 [RFC3921] Saint-Andre, P., Ed., "Extensible Messaging and Presence
6607 Protocol (XMPP): Instant Messaging and Presence",
6608 RFC 3921, October 2004.
6610 [SMTP] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821,
6611 April 2001.
6613 [URN-OID] Mealling, M., "A URN Namespace of Object Identifiers",
6614 RFC 3061, February 2001.
6616 [USINGTLS]
6617 Newman, C., "Using TLS with IMAP, POP3 and ACAP",
6618 RFC 2595, June 1999.
6620 [XEP-0001]
6621 Saint-Andre, P., "XMPP Extension Protocols", XSF XEP 0001,
6622 January 2008.
6624 [XEP-0045]
6625 Saint-Andre, P., "Multi-User Chat", XSF XEP 0045,
6626 July 2007.
6628 [XEP-0060]
6629 Millard, P., Saint-Andre, P., and R. Meijer, "Publish-
6630 Subscribe", XSF XEP 0060, September 2007.
6632 [XEP-0071]
6633 Saint-Andre, P., "XHTML-IM", XSF XEP 0071, September 2007.
6635 [XEP-0077]
6636 Saint-Andre, P., "In-Band Registration", XSF XEP 0077,
6637 January 2006.
6639 [XEP-0124]
6640 Paterson, I., Smith, D., and P. Saint-Andre,
6641 "Bidirectional-streams Over Synchronous HTTP (BOSH)", XSF
6642 XEP 0124, February 2007.
6644 [XEP-0156]
6645 Hildebrand, J. and P. Saint-Andre, "Discovering
6646 Alternative XMPP Connection Methods", XSF XEP 0156,
6647 June 2007.
6649 [XEP-0165]
6650 Saint-Andre, P., "Best Practices to Prevent JID
6651 Mimicking", XSF XEP 0165, July 2007.
6653 [XEP-0174]
6654 Saint-Andre, P., "Link-Local Messaging", XSF XEP 0174,
6655 September 2007.
6657 [XEP-0175]
6658 Saint-Andre, P., "Best Practices for Use of SASL
6659 ANONYMOUS", XSF XEP 0175, September 2006.
6661 [XEP-0178]
6662 Saint-Andre, P. and P. Millard, "Best Practices for Use of
6663 SASL EXTERNAL with Certificates", XSF XEP 0178,
6664 February 2007.
6666 [XEP-0205]
6667 Saint-Andre, P., "Best Practices to Discourage Denial of
6668 Service Attacks", XSF XEP 0205, July 2007.
6670 [XEP-0206]
6671 Paterson, I., "XMPP Over BOSH", XSF XEP 0206, June 2007.
6673 [XEP-0220]
6674 Saint-Andre, P. and J. Miller, "Server Dialback", XSF
6675 XEP 0220, October 2008.
6677 [XEP-0246]
6678 Saint-Andre, P., "End-to-End XML Streams", XSF XEP 0246,
6679 June 2008.
6681 [XML-FRAG]
6682 Grosso, P. and D. Veillard, "XML Fragment Interchange",
6683 World Wide Web Consortium CR CR-xml-fragment-20010212,
6684 February 2001,
6685 .
6687 [XML-REG] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
6688 January 2004.
6690 [XML-SCHEMA]
6691 Thompson, H., Maloney, M., Mendelsohn, N., and D. Beech,
6692 "XML Schema Part 1: Structures Second Edition", World Wide
6693 Web Consortium Recommendation REC-xmlschema-1-20041028,
6694 October 2004,
6695 .
6697 [XMPP-IM] Saint-Andre, P., "Extensible Messaging and Presence
6698 Protocol (XMPP): Instant Messaging and Presence",
6699 draft-saintandre-rfc3921bis-06 (work in progress),
6700 July 2008.
6702 [XMPP-URI]
6703 Saint-Andre, P., "Internationalized Resource Identifiers
6704 (IRIs) and Uniform Resource Identifiers (URIs) for the
6705 Extensible Messaging and Presence Protocol (XMPP)",
6706 RFC 5122, February 2008.
6708 Appendix A. Nodeprep
6710 A.1. Introduction
6712 This appendix defines the "Nodeprep" profile of stringprep. As such,
6713 it specifies processing rules that will enable users to enter
6714 internationalized node identifiers in the Extensible Messaging and
6715 Presence Protocol (XMPP) and have the highest chance of getting the
6716 content of the strings correct. (An XMPP node identifier is the
6717 optional portion of an XMPP address that precedes an XMPP domain
6718 identifier and the '@' separator; it is often but not exclusively
6719 associated with an instant messaging username.) These processing
6720 rules are intended only for XMPP node identifiers and are not
6721 intended for arbitrary text or any other aspect of an XMPP address.
6723 This profile defines the following, as required by [STRINGPREP]:
6725 o The intended applicability of the profile: internationalized node
6726 identifiers within XMPP
6727 o The character repertoire that is the input and output to
6728 stringprep: Unicode 3.2, specified in Section 2 of this Appendix
6730 o The mappings used: specified in Section 3
6731 o The Unicode normalization used: specified in Section 4
6732 o The characters that are prohibited as output: specified in Section
6733 5
6734 o Bidirectional character handling: specified in Section 6
6736 A.2. Character Repertoire
6738 This profile uses Unicode 3.2 with the list of unassigned code points
6739 being Table A.1, both defined in Appendix A of [STRINGPREP].
6741 A.3. Mapping
6743 This profile specifies mapping using the following tables from
6744 [STRINGPREP]:
6746 Table B.1
6747 Table B.2
6749 A.4. Normalization
6751 This profile specifies the use of Unicode normalization form KC, as
6752 described in [STRINGPREP].
6754 A.5. Prohibited Output
6756 This profile specifies the prohibition of using the following tables
6757 from [STRINGPREP].
6759 Table C.1.1
6760 Table C.1.2
6761 Table C.2.1
6762 Table C.2.2
6763 Table C.3
6764 Table C.4
6765 Table C.5
6766 Table C.6
6767 Table C.7
6768 Table C.8
6769 Table C.9
6771 In addition, the following additional Unicode characters are also
6772 prohibited:
6774 U+0022 (QUOTATION MARK)
6775 U+0026 (AMPERSAND)
6776 U+0027 (APOSTROPHE)
6777 U+002F (SOLIDUS)
6778 U+003A (COLON)
6779 U+003C (LESS-THAN SIGN)
6780 U+003E (GREATER-THAN SIGN)
6781 U+0040 (COMMERCIAL AT)
6783 A.6. Bidirectional Characters
6785 This profile specifies checking bidirectional strings, as described
6786 in Section 6 of [STRINGPREP].
6788 A.7. Notes
6790 Because the additional characters prohibited by Nodeprep are
6791 prohibited after normalization, an implementation MUST NOT enable a
6792 human user to input any Unicode code point whose decomposition
6793 includes those characters; such code points include but are not
6794 necessarily limited to the following (refer to [UNICODE] for complete
6795 information).
6797 o U+2100 (ACCOUNT OF)
6798 o U+2101 (ADDRESSED TO THE SUBJECT)
6799 o U+2105 (CARE OF)
6800 o U+2106 (CADA UNA)
6801 o U+226E (NOT LESS-THAN)
6802 o U+226F (NOT GREATER-THAN)
6803 o U+2A74 (DOUBLE COLON EQUAL)
6804 o U+FE13 (SMALL COLON)
6805 o U+FE60 (SMALL AMPERSAND)
6806 o U+FE64 (SMALL LESS-THAN SIGN)
6807 o U+FE65 (SMALL GREATER-THAN SIGN)
6808 o U+FE6B (SMALL COMMERCIAL AT)
6809 o U+FF02 (FULLWIDTH QUOTATION MARK)
6810 o U+FF06 (FULLWIDTH AMPERSAND)
6811 o U+FF07 (FULLWIDTH APOSTROPHE)
6812 o U+FF0F (FULLWIDTH SOLIDUS)
6813 o U+FF1A (FULLWIDTH COLON)
6814 o U+FF1C (FULLWIDTH LESS-THAN SIGN)
6815 o U+FF1E (FULLWIDTH GREATER-THAN SIGN)
6816 o U+FF20 (FULLWIDTH COMMERCIAL AT)
6818 Appendix B. Resourceprep
6819 B.1. Introduction
6821 This appendix defines the "Resourceprep" profile of stringprep. As
6822 such, it specifies processing rules that will enable users to enter
6823 internationalized resource identifiers in the Extensible Messaging
6824 and Presence Protocol (XMPP) and have the highest chance of getting
6825 the content of the strings correct. (An XMPP resource identifier is
6826 the optional portion of an XMPP address that follows an XMPP domain
6827 identifier and the '/' separator.) These processing rules are
6828 intended only for XMPP resource identifiers and are not intended for
6829 arbitrary text or any other aspect of an XMPP address.
6831 This profile defines the following, as required by [STRINGPREP]:
6833 o The intended applicability of the profile: internationalized
6834 resource identifiers within XMPP
6835 o The character repertoire that is the input and output to
6836 stringprep: Unicode 3.2, specified in Section 2 of this Appendix
6837 o The mappings used: specified in Section 3
6838 o The Unicode normalization used: specified in Section 4
6839 o The characters that are prohibited as output: specified in Section
6840 5
6841 o Bidirectional character handling: specified in Section 6
6843 B.2. Character Repertoire
6845 This profile uses Unicode 3.2 with the list of unassigned code points
6846 being Table A.1, both defined in Appendix A of [STRINGPREP].
6848 B.3. Mapping
6850 This profile specifies mapping using the following tables from
6851 [STRINGPREP]:
6853 Table B.1
6855 B.4. Normalization
6857 This profile specifies the use of Unicode normalization form KC, as
6858 described in [STRINGPREP].
6860 B.5. Prohibited Output
6862 This profile specifies the prohibition of using the following tables
6863 from [STRINGPREP].
6865 Table C.1.2
6866 Table C.2.1
6867 Table C.2.2
6868 Table C.3
6869 Table C.4
6870 Table C.5
6871 Table C.6
6872 Table C.7
6873 Table C.8
6874 Table C.9
6876 B.6. Bidirectional Characters
6878 This profile specifies checking bidirectional strings, as described
6879 in Section 6 of [STRINGPREP].
6881 Appendix C. XML Schemas
6883 Because validation of XML streams and stanzas is optional, the
6884 following XML schemas are provided for descriptive purposes only.
6885 These schemas are not normative.
6887 The following schemas formally define various XML namespaces used in
6888 the core XMPP protocols, in conformance with [XML-SCHEMA]. For
6889 schemas defining the 'jabber:client' and 'jabber:server' namespaces,
6890 refer to [XMPP-IM].
6892 C.1. Streams Namespace
6894
6896
6902
6903
6904
6905
6906
6908
6909
6910
6913
6914
6917
6920
6921
6922
6923
6924
6925
6926
6927
6928
6929
6930
6931
6932
6933
6934
6935
6936
6937
6938
6939
6940
6941
6942
6944
6945
6946
6947
6948
6950
6951
6952
6953
6954
6957
6960
6962
6963
6965
6967 C.2. Stream Error Namespace
6969
6971
6977
6978
6979
6980
6981
6982
6983
6984
6985
6986
6987
6988
6989
6990
6991
6992
6993
6994
6995
6996
6997
6998
6999
7000
7002
7003
7004
7005
7006
7007
7008
7009
7010
7011
7012
7013
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7031
7032
7033
7034
7035
7036
7037
7038
7039
7041
7042
7043
7044
7045
7047
7049 C.3. STARTTLS Namespace
7051
7053
7059
7060
7061
7062
7063
7064
7065
7066
7068
7070
7072
7073
7074
7075
7076
7078
7080 C.4. SASL Namespace
7082
7084
7090
7091
7092
7093
7098
7099
7100
7101
7102
7105
7106
7107
7109
7111
7112
7113
7114
7115
7118
7119
7120
7121
7123
7125
7127
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7151
7152
7153
7154
7155
7156
7157
7158
7159
7161
7162
7163
7164
7165
7167
7169 C.5. Resource Binding Namespace
7171
7173
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7207
7208
7209
7210
7211
7212
7214
7215
7216
7217
7218
7219
7221
7223 C.6. Stanza Error Namespace
7225
7227
7233
7234
7235
7236
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7258
7259
7260
7261
7262
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7287
7288
7289
7290
7291
7292
7293
7294
7295
7297
7298
7299
7300
7301
7303
7305 Appendix D. Contact Addresses
7307 Consistent with [MAILBOXES], an organization that offers an XMPP
7308 service SHOULD provide an Internet mailbox of "XMPP" for inquiries
7309 related to that service, where the host portion of the resulting
7310 mailto URI MUST be the organization's domain, not the domain of the
7311 XMPP service itself (e.g., the XMPP service might be offered at
7312 im.example.com but the Internet mailbox would be ).
7314 Appendix E. Account Provisioning
7316 Account provisioning is out of scope for this specification.
7317 Possible methods for account provisioning include account creation by
7318 a server administrator and in-band account registration using the
7319 'jabber:iq:register' namespace as documented in [XEP-0077].
7321 Appendix F. Differences From RFC 3920
7323 Based on consensus derived from implementation and deployment
7324 experience as well as formal interoperability testing, the following
7325 substantive modifications were made from RFC 3920.
7327 o Corrected the ABNF syntax for JIDs to prevent zero-length node
7328 identifiers, domain identifiers, and resource identifiers.
7329 o Corrected the nameprep processing rules to require use of the
7330 UseSTD3ASCIIRules flag.
7331 o Recommended or mandated use of the 'from' and 'to' attributes on
7332 stream headers.
7334 o More fully specified stream closing handshake.
7335 o Specified recommended stream reconnection algorithm.
7336 o Specified return of stream error in response to
7337 receipt of prohibited XML features.
7338 o Specified that TLS plus SASL PLAIN is a mandatory-to-implement
7339 technology for client-to-server connections, since implementation
7340 of SASL EXTERNAL is uncommon in XMPP clients, in part because
7341 underlying security features such as end-user X.509 certificates
7342 are not yet widely deployed.
7343 o Added the , ,
7344 , , and SASL error conditions to handle error flows mistakenly
7346 left out of RFC 3920 or discussed in RFC 4422 but not in RFC 2222.
7347 o More fully specified binding of multiple resources to the same
7348 stream.
7349 o Added the stanza error condition to provide
7350 appropriate handling of stanzas when multiple resources are bound
7351 to the same stream.
7352 o Added the stanza error condition to enable
7353 potential ETags usage.
7354 o Removed unnecessary requirement for escaping of characters that
7355 map to certain predefined entities, which do not need to be
7356 escaped in XML.
7357 o Clarified process of DNS SRV lookups and fallbacks.
7358 o Clarified handling of SASL security layers.
7359 o Clarified handling of stream features, regularized use of the
7360 <l;required/> child element, and defined use of the
7361 child element.
7362 o Clarified handling of data that violates the well-formedness
7363 definitions for XML 1.0 and XML namespaces.
7364 o Specified security considerations in more detail, especially with
7365 regard to presence leaks and denial of service attacks.
7366 o Moved historical documentation of the server dialback protocol
7367 from this specification to a separate specification maintained by
7368 the XMPP Standards Foundation.
7370 In addition, numerous changes of an editorial nature were made in
7371 order to more fully specify and clearly explain XMPP.
7373 Appendix G. Copying Conditions
7375 Regarding this entire document or any portion of it, the author makes
7376 no guarantees and is not responsible for any damage resulting from
7377 its use. The author grants irrevocable permission to anyone to use,
7378 modify, and distribute it in any way that does not diminish the
7379 rights of anyone else to use, modify, and distribute it, provided
7380 that redistributed derivative works do not contain misleading author
7381 or version information. Derivative works need not be licensed under
7382 similar terms.
7384 Index
7386 B
7387 Bare JID 17
7389 C
7390 Connected Resource 74
7392 D
7393 Domain Identifier 15
7395 E
7396 Entity 14
7397 Error Stanza 89
7398 Extended Content 105
7400 F
7401 Full JID 17
7403 I
7404 Initial Stream 22
7405 IQ Stanza 87
7407 J
7408 Jabber Identifier 14
7410 M
7411 Message Stanza 86
7413 N
7414 Node Identifier 16
7416 P
7417 Presence Stanza 87
7419 R
7420 Resource Identifier 17
7421 Response Stream 22
7423 S
7424 Stream ID 27
7426 W
7427 Whitespace Ping 34
7429 X
7430 XML Stanza 22
7431 XML Stream 21
7433 Author's Address
7435 Peter Saint-Andre (editor)
7436 XMPP Standards Foundation
7438 Email: stpeter@jabber.org
7439 URI: https://stpeter.im/
7441 Full Copyright Statement
7443 Copyright (C) The IETF Trust (2008).
7445 This document is subject to the rights, licenses and restrictions
7446 contained in BCP 78, and except as set forth therein, the authors
7447 retain all their rights.
7449 This document and the information contained herein are provided on an
7450 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
7451 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
7452 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
7453 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
7454 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
7455 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
7457 Intellectual Property
7459 The IETF takes no position regarding the validity or scope of any
7460 Intellectual Property Rights or other rights that might be claimed to
7461 pertain to the implementation or use of the technology described in
7462 this document or the extent to which any license under such rights
7463 might or might not be available; nor does it represent that it has
7464 made any independent effort to identify any such rights. Information
7465 on the procedures with respect to rights in RFC documents can be
7466 found in BCP 78 and BCP 79.
7468 Copies of IPR disclosures made to the IETF Secretariat and any
7469 assurances of licenses to be made available, or the result of an
7470 attempt made to obtain a general license or permission for the use of
7471 such proprietary rights by implementers or users of this
7472 specification can be obtained from the IETF on-line IPR repository at
7473 http://www.ietf.org/ipr.
7475 The IETF invites any interested party to bring to its attention any
7476 copyrights, patents or patent applications, or other proprietary
7477 rights that may cover technology that may be required to implement
7478 this standard. Please address the information to the IETF at
7479 ietf-ipr@ietf.org.