idnits 2.17.1
draft-snell-atompub-tombstones-14.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
-- The document seems to lack a disclaimer for pre-RFC5378 work, but may
have content which was first submitted before 10 November 2008. If you
have contacted all the original authors and they are all willing to grant
the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
this comment. If not, you may need to add the pre-RFC5378 disclaimer.
(See the Legal Provisions document at
https://trustee.ietf.org/license-info for more information.)
-- The document date (January 24, 2012) is 4476 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
** Obsolete normative reference: RFC 3023 (Obsoleted by RFC 7303)
Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 2 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Network Working Group J. Snell
3 Internet-Draft January 24, 2012
4 Intended status: Informational
5 Expires: July 27, 2012
7 The Atom "deleted-entry" Element
8 draft-snell-atompub-tombstones-14.txt
10 Abstract
12 This specification adds mechanisms to the Atom Syndication Format
13 which publishers of Atom Feed and Entry documents can use to
14 explicitly identify Atom entries that have been removed.
16 Status of this Memo
18 This Internet-Draft is submitted to IETF in full conformance with the
19 provisions of BCP 78 and BCP 79.
21 Internet-Drafts are working documents of the Internet Engineering
22 Task Force (IETF). Note that other groups may also distribute
23 working documents as Internet-Drafts. The list of current Internet-
24 Drafts is at http://datatracker.ietf.org/drafts/current/.
26 Internet-Drafts are draft documents valid for a maximum of six months
27 and may be updated, replaced, or obsoleted by other documents at any
28 time. It is inappropriate to use Internet-Drafts as reference
29 material or to cite them other than as "work in progress."
31 This Internet-Draft will expire on July 27, 2012.
33 Copyright Notice
35 Copyright (c) 2012 IETF Trust and the persons identified as the
36 document authors. All rights reserved.
38 This document is subject to BCP 78 and the IETF Trust's Legal
39 Provisions Relating to IETF Documents
40 (http://trustee.ietf.org/license-info) in effect on the date of
41 publication of this document. Please review these documents
42 carefully, as they describe your rights and restrictions with respect
43 to this document. Code Components extracted from this document must
44 include Simplified BSD License text as described in Section 4.e of
45 the Trust Legal Provisions and are provided without warranty as
46 described in the Simplified BSD License.
48 Table of Contents
50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
51 2. Notational Conventions . . . . . . . . . . . . . . . . . . . . 3
52 3. The at:deleted-entry element . . . . . . . . . . . . . . . . . 3
53 4. Deleted Entry Document . . . . . . . . . . . . . . . . . . . . 5
54 5. Digital Signatures . . . . . . . . . . . . . . . . . . . . . . 6
55 6. Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . 7
56 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
57 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
58 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9
59 10. Normative References . . . . . . . . . . . . . . . . . . . . . 9
60 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 10
62 1. Introduction
64 This specification adds mechanisms to the Atom Syndication Format
65 which publishers of Atom Feed and Entry documents can use to
66 explicitly identify Atom entries that have been removed.
68 2. Notational Conventions
70 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
71 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
72 document are to be interpreted as described in [RFC2119].
74 This specification uses XML Namespaces [W3C.REC-xml-names-19990114]
75 to uniquely identify XML element names. It uses the following
76 namespace prefix for the indicated namespace URI;
78 "at": "http://purl.org/atompub/tombstones/1.0"
80 3. The at:deleted-entry element
82 The at:deleted-entry element represents an Atom Entry that has been
83 removed.
85 deletedEntry =
86 element at:deleted-entry {
87 atomCommonAttributes,
88 attribute ref { atomUri },
89 attribute when { atomDateConstruct },
90 ( element at:by { atomPersonConstruct }?
91 & element at:comment { atomTextConstruct }?
92 & element atom:link { atomLink }*
93 & element atom:source { atomSource }?
94 & anyElement* )
95 }
97 The at:deleted-entry element MUST contain a ref attribute whose value
98 specifies the value of the atom:id of the entry that has been
99 removed.
101 The at:deleted-entry element MUST contain a when attribute whose
102 value is an [RFC3339] "date-time" specifying the instant the entry
103 was removed. An uppercase "T" character MUST be used to separate
104 date and time, and an uppercase "Z" character MUST be present in the
105 absence of a numeric time zone offset
107 The at:deleted-entry element MAY contain one at:by element used to
108 identify the entity that removed the entry. The at:by element is an
109 Atom Person Construct as defined by Section 3.2 of [RFC4287].
111 The at:deleted-entry element MAY contain one at:comment element whose
112 value provides additional, language-sensitive information about the
113 deletion operation. The atom:comment element is an Atom Text
114 Construct as defined by Section 3.1 of [RFC4287].
116 The at:deleted-entry element MAY contain any number of atom:link
117 elements as specified by Section 4.2.7 of [RFC4287].
119 The at:deleted-entry element MAY contain one atom:source element as
120 defined by Section 4.2.11 of [RFC4287]. Within the context of an at:
121 deleted-entry element, the atom:source element is intended to allow
122 the aggregation of at:deleted-entry element from different feeds
123 while retaining information about an at:deleted-entry's source feed.
124 When an at:deleted-entry element appears in a Feed document other
125 than it's source Feed or when an at:deleted-entry element that has a
126 source Feed document is used in the context of a Deleted Entry
127 Document, it MUST contain an atom:source element.
129 An Atom feed MAY contain any number of at:deleted-entry elements, but
130 MUST NOT contain more than one with the same combination of ref and
131 when attribute values.
133
135 ...
136
137
141
142
145
146 John Doe
147 jdoe@example.org
148
149 Removed comment spam
150
151 ...
152
154 An Atom feed MAY contain atom:entry elements and at:deleted-entry
155 elements sharing the same atom:id value. Atom processors SHOULD
156 ignore any at:deleted-entry elements sharing an atom:id value with an
157 atom:entry whose atom:updated element specifies a date and time more
158 recent than or equal to the at:deleted-entry element's when value.
160 Implementors should note that the at:deleted-entry element is
161 informative in nature only and may be ignored by Atom processors.
162 The presence of an at:deleted-entry element does not guarantee that
163 the atom:entry to which it is referring will no longer be available.
165 Elements and attributes from any XML vocabulary MAY be used within an
166 at:deleted-entry element. Processors encountering such markup MUST
167 NOT stop processing or signal an error. It might be the case that
168 the Processor is able to process the foreign markup correctly and
169 does so. When unknown markup is encountered as a child of at:
170 deleted-entry, Processors MAY bypass the markup and any textual
171 content and MUST NOT change their behavior as a result of the
172 markup's presence.
174 This specification allows the use of IRIs [RFC3987] in precisely the
175 same manner specified in Section 2 of [RFC4287].
177 Any element defined by this specification MAY have an xml:base
178 attribute [W3C.REC-xmlbase-20010627]. When xml:base is used, it
179 serves the function described in section 5.1.1 of [RFC3986],
180 establishing the base URI (or IRI) for resolving any relative
181 references found within the effective scope of the xml:base
182 attribute.
184 Any element defined by this specification MAY have an xml:lang
185 attribute, whose content indicates the natural language for the
186 element and its descendents. Requirements regarding the content and
187 interpretation of xml:lang are specified in XML 1.0
188 [W3C.REC-xml-20040204], Section 2.12.
190 4. Deleted Entry Document
192 A "Deleted Entry Document" represents exactly one at:deleted-entry
193 element outside the context of an Atom feed. It's root is the at:
194 deleted-entry element.
196 namespace at = "http://purl.org/atompub/tombstones/1.0"
197 start = at:deleted-entry
199 Deleted Entry Documents are specified in terms of the XML Information
200 Set, serialized as XML 1.0 [W3C.REC-xml-20040204] and identified with
201 the "application/atomdeleted+xml" media type. Deleted Entry
202 Documents MUST be well-formed XML. This specification does not
203 define a DTD for Deleted Entry Documents, and hence does not require
204 them to be valid (in the sense used by XML).
206 5. Digital Signatures
208 The at:deleted-entry element MAY have an Enveloped Signature, as
209 described by XML-Signature and Syntax Processing
210 [W3C.REC-xmldsig-core-20020212].
212 Processors MUST NOT reject an at:deleted-entry containing such a
213 signature because they are not capable of verifying it; they MUST
214 continue processing and MAY inform the user of their failure to
215 validate the signature.
217 In other words, the presence of an element with the namespace URI
218 "http://www.w3.org/2000/09/xmldsig#" and a local name of "Signature"
219 as a child of the document element MUST NOT cause an Processor to
220 fail merely because of its presence.
222 Section 6.5.1 of [W3C.REC-xmldsig-core-20020212] requires support for
223 Canonical XML [W3C.REC-xml-c14n-20010315]. However, many
224 implementers do not use it because signed XML documents enclosed in
225 other XML documents have their signatures broken. Thus, Processors
226 that verify signed at:deleted-entry elements MUST be able to
227 canonicalize with the exclusive XML canonicalization method
228 identified by the URI "http://www.w3.org/2001/10/xml-exc-c14n#", as
229 specified in Exclusive XML Canonicalization
230 [W3C.REC-xml-exc-c14n-20020718].
232 Intermediaries such as aggregators may need to add an atom:source
233 element to an at:deleted-entry that does not contain its own atom:
234 source element. If such an entry is signed, the addition will break
235 the signature. Thus, a publisher of individually-signed at:deleted-
236 entry's should strongly consider adding an atom:source element to
237 those elements before signing them. Implementers should also be
238 aware of the issues concerning the use of markup in the "xml:"
239 namespace as it interacts with canonicalization.
241 Section 4.4.2 of [W3C.REC-xmldsig-core-20020212] requires support for
242 DSA signatures and recommends support for RSA signatures. However,
243 because of the much greater popularity in the market of RSA versus
244 DSA, Atom Processors that verify signed Atom Documents MUST be able
245 to verify RSA signatures, but do not need be able to verify DSA
246 signatures. Due to security issues that can arise if the keying
247 material for message authentication code (MAC) authentication is not
248 handled properly, Atom Documents SHOULD NOT use MACs for signatures.
250 6. Encryption
252 The root of a Deleted Entry Document (the at:deleted-entry element)
253 MAY be encrypted, using the mechanisms described by XML Encryption
254 Syntax and Processing [W3C.REC-xmlenc-core-20021210].
256 Section 5.1 of [W3C.REC-xmlenc-core-20021210] requires support of
257 TripleDES, AES-128, and AES-256. Processors that decrypt Deleted
258 Entry Documents MUST be able to decrypt with AES-128 in Cipher Block
259 Chaining (CBC) mode.
261 Encryption based on [W3C.REC-xmlenc-core-20021210] does not ensure
262 integrity of the original document. There are known cryptographic
263 attacks where someone who cannot decrypt a message can still change
264 bits in a way where part or all the decrypted message makes sense but
265 has a different meaning. Thus, Processors that decrypt Deleted Entry
266 Documents SHOULD check the integrity of the decrypted document by
267 verifying the hash in the signature (if any) in the document, or by
268 verifying a hash of the document within the document (if any).
270 When a Deleted Entry Document is to be both signed and encrypted, it
271 is generally a good idea to first sign the document, then encrypt the
272 signed document. This provides integrity to the base document while
273 encrypting all the information, including the identity of the entity
274 that signed the document. Note that, if MACs are used for
275 authentication, the order MUST be that the document is signed and
276 then encrypted, and not the other way around.
278 7. Security Considerations
280 As specified in [RFC4287], Atom processors should be aware of the
281 potential for spoofing attacks where an attacker publishes atom:entry
282 or atom:deleted-entry elements using the same atom:id values as
283 entries from other Atom feeds. An attacker may attempt to trick an
284 application into believing that a given entry has either been removed
285 from or added to a feed. To mitigate this issue, Atom processors are
286 advised to ignore at:deleted-entry elements referencing entries that
287 have not previously appeared within the containing Feed document and
288 should take steps to verify the origin of the Atom feed before
289 considering the entries to be removed.
291 The at:deleted-entry element can be encrypted and signed using
292 [W3C.REC-xmlenc-core-20021210] and [W3C.REC-xmldsig-core-20020212],
293 respectively, and are subject to the security considerations implied
294 by their use.
296 Digital signatures provide authentication, message integrity, and
297 non-repudiation with proof of origin. Encryption provides data
298 confidentiality.
300 An application supporting the use of digitally signed atom:entry and
301 at:deleted-entry elements should be aware of the potential issues
302 that could arise if a at:deleted-entry element indicating the
303 deletion of an atom:entry element has been signed using a different
304 key than what was used to sign the atom:entry, or when an unsigned
305 at:deleted-entry is used to indicate the deletion of a signed atom:
306 entry. Either case can potentially indicate a form of spoofing
307 attack. Processors must take steps to verify the validity of the at:
308 deleted-entry element.
310 8. IANA Considerations
312 A Deleted Entry Document, when serialized as XML 1.0, can be
313 identified with the following media type:
315 Type name: application
316 Subtype name: atomdeleted+xml
317 Required parameters: None
318 Optional parameters: "charset" : This parameter has semantics
319 identical to the charset parameter of the "application/xml" media
320 type as specified in [RFC3023].
321 Encoding considerations: Identical to those of "application/xml"
322 as described in [RFC3023], Section 3.2.
323 Security considerations: As defined in this specification. In
324 addition, as this media type uses the "+xml" convention, it shares
325 the same security considerations as described in [RFC3023],
326 Section 10.
327 Interoperability considerations: There are no known
328 interoperability issues.
329 Published specification: This specification.
330 Applications that use this media type: Undefined. As an extension
331 to the Atom Syndication Format ([RFC4287]), this specification may
332 be used within any application that uses the Atom Format.
333 Additional information:
334 Magic number(s): As specified for "application/xml" in
335 [RFC3023], Section 3.2
336 File extension(s): .atomdeleted
337 Macintosh file type code(s): TEXT
338 Person & email address to contact for further information: James M
339 Snell
340 Intended usage: COMMON
341 Restrictions on usage: None.
343 Author: James M Snell
344 Change controller: IESG
346 9. Acknowledgements
348 The author gratefully acknowledges the feedback from the members of
349 the Atom Publishing Format and Protocol working group during the
350 development of this specification.
352 10. Normative References
354 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
355 Requirement Levels", BCP 14, RFC 2119, March 1997.
357 [RFC3023] Murata, M., St. Laurent, S., and D. Kohn, "XML Media
358 Types", RFC 3023, January 2001.
360 [RFC3339] Klyne, G., Ed. and C. Newman, "Date and Time on the
361 Internet: Timestamps", RFC 3339, July 2002.
363 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
364 Resource Identifier (URI): Generic Syntax", STD 66,
365 RFC 3986, January 2005.
367 [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource
368 Identifiers (IRIs)", RFC 3987, January 2005.
370 [RFC4287] Nottingham, M., Ed. and R. Sayre, Ed., "The Atom
371 Syndication Format", RFC 4287, December 2005.
373 [W3C.REC-xml-20040204]
374 Yergeau, F., Maler, E., Sperberg-McQueen, C., Paoli, J.,
375 and T. Bray, "Extensible Markup Language (XML) 1.0 (Third
376 Edition)", World Wide Web Consortium FirstEdition REC-xml-
377 20040204, February 2004,
378 .
380 [W3C.REC-xml-c14n-20010315]
381 Boyer, J., "Canonical XML Version 1.0", World Wide Web
382 Consortium Recommendation REC-xml-c14n-20010315,
383 March 2001,
384 .
386 [W3C.REC-xml-exc-c14n-20020718]
387 Reagle, J., 3rd, D., and J. Boyer, "Exclusive XML
388 Canonicalization Version 1.0", World Wide Web Consortium
389 Recommendation REC-xml-exc-c14n-20020718, July 2002,
390 .
392 [W3C.REC-xml-names-19990114]
393 Hollander, D., Bray, T., and A. Layman, "Namespaces in
394 XML", World Wide Web Consortium FirstEdition REC-xml-
395 names-19990114, January 1999,
396 .
398 [W3C.REC-xmlbase-20010627]
399 Marsh, J., "XML Base", World Wide Web Consortium
400 FirstEdition REC-xmlbase-20010627, June 2001,
401 .
403 [W3C.REC-xmldsig-core-20020212]
404 Solo, D., Reagle, J., and D. Eastlake, "XML-Signature
405 Syntax and Processing", World Wide Web Consortium
406 FirstEdition REC-xmldsig-core-20020212, February 2002,
407 .
409 [W3C.REC-xmlenc-core-20021210]
410 Eastlake, D. and J. Reagle, "XML Encryption Syntax and
411 Processing", World Wide Web Consortium Recommendation REC-
412 xmlenc-core-20021210, December 2002,
413 .
415 Author's Address
417 James M Snell
419 Phone:
420 Email: jasnell@us.ibm.com
421 URI: http://ibm.com