idnits 2.17.1
draft-snell-atompub-tombstones-09.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
-- The draft header indicates that this document updates RFC4287, but the
abstract doesn't seem to mention this, which it should.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== The document seems to lack the recommended RFC 2119 boilerplate, even if
it appears to use RFC 2119 keywords -- however, there's a paragraph with
a matching beginning. Boilerplate error?
(The document does seem to have the reference to RFC 2119 which the
ID-Checklist requires).
(Using the creation date from RFC4287, updated by this document, for
RFC5378 checks: 2004-07-09)
-- The document seems to lack a disclaimer for pre-RFC5378 work, but may
have content which was first submitted before 10 November 2008. If you
have contacted all the original authors and they are all willing to grant
the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
this comment. If not, you may need to add the pre-RFC5378 disclaimer.
(See the Legal Provisions document at
https://trustee.ietf.org/license-info for more information.)
-- The document date (May 21, 2010) is 5089 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
** Obsolete normative reference: RFC 3023 (Obsoleted by RFC 7303)
Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 3 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Network Working Group J. Snell
3 Internet-Draft May 21, 2010
4 Updates: 4287 (if approved)
5 Intended status: Informational
6 Expires: November 22, 2010
8 The Atom "deleted-entry" Element
9 draft-snell-atompub-tombstones-09.txt
11 Abstract
13 This specification adds mechanisms to the Atom Syndication Format
14 which Atom Feed publishers can use to explicitly identify Atom
15 entries that have been removed from an Atom feed.
17 Status of this Memo
19 This Internet-Draft is submitted to IETF in full conformance with the
20 provisions of BCP 78 and BCP 79.
22 Internet-Drafts are working documents of the Internet Engineering
23 Task Force (IETF). Note that other groups may also distribute
24 working documents as Internet-Drafts. The list of current Internet-
25 Drafts is at http://datatracker.ietf.org/drafts/current/.
27 Internet-Drafts are draft documents valid for a maximum of six months
28 and may be updated, replaced, or obsoleted by other documents at any
29 time. It is inappropriate to use Internet-Drafts as reference
30 material or to cite them other than as "work in progress."
32 This Internet-Draft will expire on November 22, 2010.
34 Copyright Notice
36 Copyright (c) 2010 IETF Trust and the persons identified as the
37 document authors. All rights reserved.
39 This document is subject to BCP 78 and the IETF Trust's Legal
40 Provisions Relating to IETF Documents
41 (http://trustee.ietf.org/license-info) in effect on the date of
42 publication of this document. Please review these documents
43 carefully, as they describe your rights and restrictions with respect
44 to this document. Code Components extracted from this document must
45 include Simplified BSD License text as described in Section 4.e of
46 the Trust Legal Provisions and are provided without warranty as
47 described in the Simplified BSD License.
49 Table of Contents
51 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
52 2. Notational Conventions . . . . . . . . . . . . . . . . . . . . 3
53 3. The at:deleted-entry element . . . . . . . . . . . . . . . . . 3
54 4. Deleted Entry Document . . . . . . . . . . . . . . . . . . . . 5
55 5. Digital Signatures . . . . . . . . . . . . . . . . . . . . . . 5
56 6. Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . 6
57 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
58 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
59 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9
60 10. Normative References . . . . . . . . . . . . . . . . . . . . . 9
61 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 10
63 1. Introduction
65 This specification adds a new element to the Atom Syndication Format
66 [RFC4287] that can be used to explicitly indicate that specific
67 entries have been removed from a feed.
69 2. Notational Conventions
71 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
72 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
73 document are to be interpreted as described in BCP 14, [RFC2119]
75 This specification uses XML Namespaces [W3C.REC-xml-names-19990114]
76 to uniquely identify XML element names. It uses the following
77 namespace prefix for the indicated namespace URI;
79 "at": "http://purl.org/atompub/tombstones/1.0"
81 3. The at:deleted-entry element
83 The at:deleted-entry element MAY appear as a child of atom:feed to
84 represent an Atom Entry that has been removed from a feed.
86 deletedEntry = element at:deleted-entry {
87 atomCommonAttributes,
88 attribute ref { atomUri },
89 attribute when { atomDateConstruct },
90 ( element at:by { atomPersonConstruct}?,
91 & element at:comment {atomTextConstruct}?,
92 & element atom:link*,
93 & element atom:source?,
94 & extensionElement* )
95 }
97 The at:deleted-entry element MUST contain a ref attribute whose value
98 specifies the value of the atom:id of the entry that has been
99 removed.
101 The at:deleted-entry element MUST contain a when attribute whose
102 value is an [RFC3339] "date-time" specifying the instant the entry
103 was removed from the feed. An uppercase "T" character MUST be used
104 to separate date and time, and an uppercase "Z" character MUST be
105 present in the absence of a numeric time zone offset
107 The at:deleted-entry element MAY contain one at:by element used to
108 identify the entity that removed the entry from the feed. The at:by
109 element is an Atom Person Construct as defined by Section 3.2 of
110 [RFC4287].
112 The at:deleted-entry element MAY contain one at:comment element whose
113 value provides additional, language-sensitive information about the
114 deletion operation. The atom:comment element is an Atom Text
115 Construct as defined by Section 3.1 of [RFC4287].
117 The at:deleted-entry element MAY contain any number of atom:link
118 elements as specified by Section 4.2.7 of [RFC4287].
120 The at:deleted-entry element MAY contain one atom:source element as
121 defined by Section 4.2.11 of [RFC4287]. Within the context of an at:
122 deleted-entry element, the atom:source element is intended to allow
123 the aggregation of at:deleted-entry element from different feeds
124 while retaining information about an at:deleted-entry's source feed.
126 An Atom feed MAY contain any number of at:deleted-entry elements, but
127 MUST NOT contain more than one with the same combination of ref and
128 when attribute values.
130
132 ...
133
134
138
139
142
143 John Doe
144 jdoe@example.org
145
146 Removed comment spam
147
148 ...
149
151 An Atom feed MAY contain atom:entry elements and at:deleted-entry
152 elements sharing the same atom:id value. Atom processors SHOULD
153 ignore any at:deleted-entry elements sharing an atom:id value with an
154 atom:entry whose atom:updated element specifies a date and time more
155 recent than or equal to the at:deleted-entry element's when value.
157 Elements and attributes from other XML vocabularies MAY be used
158 within an at:deleted-entry element following the same model defined
159 by Section 6 of [RFC4287]. Processors encountering such markup MUST
160 NOT stop processing or signal an error. It might be the case that
161 the Processor is able to process the foreign markup correctly and
162 does so. When unknown markup is encountered as a child of at:
163 deleted-entry, Processors MAY bypass the markup and any textual
164 content and MUST NOT change their behavior as a result of the
165 markup's presence.
167 This specification allows the use of IRIs [RFC3987] in precisely the
168 same manner specified in Section 2 of [RFC4287].
170 Any element defined by this specification MAY have an xml:base
171 attribute [W3C.REC-xmlbase-20010627]. When xml:base is used, it
172 serves the function described in section 5.1.1 of [RFC3986],
173 establishing the base URI (or IRI) for resolving any relative
174 references found within the effective scope of the xml:base
175 attribute.
177 Any element defined by this specification MAY have an xml:lang
178 attribute, whose content indicates the natural language for the
179 element and its descendents. Requirements regarding the content and
180 interpretation of xml:lang are specified in XML 1.0
181 [W3C.REC-xml-20040204], Section 2.12.
183 4. Deleted Entry Document
185 A "Deleted Entry Document" represents exactly one at:deleted-entry
186 element outside the context of an Atom feed. It's root is the at:
187 deleted-entry element.
189 namespace at = "http://purl.org/atompub/tombstones/1.0"
190 start = at:deleted-entry
192 Deleted Entry Documents are specified in terms of the XML Information
193 Set, serialized as XML 1.0 [W3C.REC-xml-20040204] and identified with
194 the "application/atomdeleted+xml" media type. Deleted Entry
195 Documents MUST be well-formed XML. This specification does not
196 define a DTD for Deleted Entry Documents, and hence does not require
197 them to be valid (in the sense used by XML).
199 5. Digital Signatures
201 The at:deleted-entry element MAY have an Enveloped Signature, as
202 described by XML-Signature and Syntax Processing
204 [W3C.REC-xmldsig-core-20020212].
206 Processors MUST NOT reject an at:deleted-entry containing such a
207 signature because they are not capable of verifying it; they MUST
208 continue processing and MAY inform the user of their failure to
209 validate the signature.
211 In other words, the presence of an element with the namespace URI
212 "http://www.w3.org/2000/09/xmldsig#" and a local name of "Signature"
213 as a child of the document element MUST NOT cause an Processor to
214 fail merely because of its presence.
216 Section 6.5.1 of [W3C.REC-xmldsig-core-20020212] requires support for
217 Canonical XML [W3C.REC-xml-c14n-20010315]. However, many
218 implementers do not use it because signed XML documents enclosed in
219 other XML documents have their signatures broken. Thus, Processors
220 that verify signed at:deleted-entry elements MUST be able to
221 canonicalize with the exclusive XML canonicalization method
222 identified by the URI "http://www.w3.org/2001/10/xml-exc-c14n#", as
223 specified in Exclusive XML Canonicalization
224 [W3C.REC-xml-exc-c14n-20020718].
226 Intermediaries such as aggregators may need to add an atom:source
227 element to an at:deleted-entry that does not contain its own atom:
228 source element. If such an entry is signed, the addition will break
229 the signature. Thus, a publisher of individually-signed at:deleted-
230 entry's should strongly consider adding an atom:source element to
231 those elements before signing them. Implementers should also be
232 aware of the issues concerning the use of markup in the "xml:"
233 namespace as it interacts with canonicalization.
235 Section 4.4.2 of [W3C.REC-xmldsig-core-20020212] requires support for
236 DSA signatures and recommends support for RSA signatures. However,
237 because of the much greater popularity in the market of RSA versus
238 DSA, Atom Processors that verify signed Atom Documents MUST be able
239 to verify RSA signatures, but do not need be able to verify DSA
240 signatures. Due to security issues that can arise if the keying
241 material for message authentication code (MAC) authentication is not
242 handled properly, Atom Documents SHOULD NOT use MACs for signatures.
244 6. Encryption
246 The root of a Deleted Entry Document (the at:deleted-entry element)
247 MAY be encrypted, using the mechanisms described by XML Encryption
248 Syntax and Processing [W3C.REC-xmlenc-core-20021210].
250 Section 5.1 of [W3C.REC-xmlenc-core-20021210] requires support of
251 TripleDES, AES-128, and AES-256. Processors that decrypt Deleted
252 Entry Documents MUST be able to decrypt with AES-128 in Cipher Block
253 Chaining (CBC) mode.
255 Encryption based on [W3C.REC-xmlenc-core-20021210] does not ensure
256 integrity of the original document. There are known cryptographic
257 attacks where someone who cannot decrypt a message can still change
258 bits in a way where part or all the decrypted message makes sense but
259 has a different meaning. Thus, Processors that decrypt Deleted Entry
260 Documents SHOULD check the integrity of the decrypted document by
261 verifying the hash in the signature (if any) in the document, or by
262 verifying a hash of the document within the document (if any).
264 When a Deleted Entry Document is to be both signed and encrypted, it
265 is generally a good idea to first sign the document, then encrypt the
266 signed document. This provides integrity to the base document while
267 encrypting all the information, including the identity of the entity
268 that signed the document. Note that, if MACs are used for
269 authentication, the order MUST be that the document is signed and
270 then encrypted, and not the other way around.
272 7. Security Considerations
274 As specified in [RFC4287], Atom processors should be aware of the
275 potential for spoofing attacks where an attacker publishes atom:entry
276 or atom:deleted-entry elements using the same atom:id values as
277 entries from other Atom feeds. An attacker may attempt to trick an
278 application into believing that a given entry has either been removed
279 from or added to a feed. To mitigate this issue, Atom processors are
280 advised to ignore at:deleted-entry elements referencing entries that
281 have not previously appeared within the containing Feed document and
282 should take steps to verify the origin of the Atom feed before
283 considering the entries to be removed.
285 The at:deleted-entry element can be encrypted and signed using
286 [W3C.REC-xmlenc-core-20021210] and [W3C.REC-xmldsig-core-20020212],
287 respectively, and are subject to the security considerations implied
288 by their use.
290 Digital signatures provide authentication, message integrity, and
291 non-repudiation with proof of origin. Encryption provides data
292 confidentiality.
294 An application supporting the use of digitally signed atom:entry and
295 at:deleted-entry elements should be aware of the potential issues
296 that could arise if a at:deleted-entry element indicating the
297 deletion of an atom:entry element has been signed using a different
298 key than what was used to sign the atom:entry, or when an unsigned
299 at:deleted-entry is used to indicate the deletion of a signed atom:
300 entry. Either case can potentially indicate a form of spoofing
301 attack. Processors must take steps to verify the validity of the at:
302 deleted-entry element.
304 8. IANA Considerations
306 A Deleted Entry Document, when serialized as XML 1.0, can be
307 identified with the following media type:
309 MIME media type name: application
310 MIME subtype name: atomdeleted+xml
311 Mandatory parameters: None.
312 Optional parameters:
313 "charset": This parameter has semantics identical to the charset
314 parameter of the "application/xml" media type as specified in
315 [RFC3023].
316 Encoding considerations: Identical to those of "application/xml" as
317 described in [RFC3023], Section 3.2.
318 Security considerations: As defined in this specification.
319 In addition, as this media type uses the "+xml" convention, it
320 shares the same security considerations as described in [RFC3023],
321 Section 10.
322 Interoperability considerations: There are no known interoperability
323 issues.
324 Published specification: This specification.
325 Applications that use this media type: No known applications
326 currently use this media type.
328 Additional information:
330 Magic number(s): As specified for "application/xml" in [RFC3023],
331 Section 3.2.
332 File extension: .atomdeleted
333 Fragment identifiers: As specified for "application/xml" in
334 [RFC3023], Section 5.
335 Base URI: As specified in [RFC3023], Section 6.
336 Macintosh File Type code: TEXT
337 Person and email address to contact for further information:
338 James M Snell
339 Intended usage: COMMON
340 Author/Change controller: IESG
342 9. Acknowledgements
344 The author gratefully acknowledges the feedback from the members of
345 the Atom Publishing Format and Protocol working group during the
346 development of this specification.
348 10. Normative References
350 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
351 Requirement Levels", BCP 14, RFC 2119, March 1997.
353 [RFC3023] Murata, M., St. Laurent, S., and D. Kohn, "XML Media
354 Types", RFC 3023, January 2001.
356 [RFC3339] Klyne, G., Ed. and C. Newman, "Date and Time on the
357 Internet: Timestamps", RFC 3339, July 2002.
359 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
360 Resource Identifier (URI): Generic Syntax", STD 66,
361 RFC 3986, January 2005.
363 [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource
364 Identifiers (IRIs)", RFC 3987, January 2005.
366 [RFC4287] Nottingham, M., Ed. and R. Sayre, Ed., "The Atom
367 Syndication Format", RFC 4287, December 2005.
369 [W3C.REC-xml-20040204]
370 Bray, T., Maler, E., Paoli, J., Yergeau, F., and C.
371 Sperberg-McQueen, "Extensible Markup Language (XML) 1.0
372 (Third Edition)", World Wide Web Consortium
373 FirstEdition REC-xml-20040204, February 2004,
374 .
376 [W3C.REC-xml-c14n-20010315]
377 Boyer, J., "Canonical XML Version 1.0", World Wide Web
378 Consortium Recommendation REC-xml-c14n-20010315,
379 March 2001,
380 .
382 [W3C.REC-xml-exc-c14n-20020718]
383 Reagle, J., Boyer, J., and D. 3rd, "Exclusive XML
384 Canonicalization Version 1.0", World Wide Web Consortium
385 Recommendation REC-xml-exc-c14n-20020718, July 2002,
386 .
388 [W3C.REC-xml-names-19990114]
389 Hollander, D., Bray, T., and A. Layman, "Namespaces in
390 XML", World Wide Web Consortium FirstEdition REC-xml-
391 names-19990114, January 1999,
392 .
394 [W3C.REC-xmlbase-20010627]
395 Marsh, J., "XML Base", World Wide Web Consortium
396 FirstEdition REC-xmlbase-20010627, June 2001,
397 .
399 [W3C.REC-xmldsig-core-20020212]
400 Solo, D., Reagle, J., and D. Eastlake, "XML-Signature
401 Syntax and Processing", World Wide Web Consortium
402 FirstEdition REC-xmldsig-core-20020212, February 2002,
403 .
405 [W3C.REC-xmlenc-core-20021210]
406 Eastlake, D. and J. Reagle, "XML Encryption Syntax and
407 Processing", World Wide Web Consortium Recommendation REC-
408 xmlenc-core-20021210, December 2002,
409 .
411 Author's Address
413 James M Snell
415 Phone:
416 Email: jasnell@us.ibm.com
417 URI: http://ibm.com