From 6e5edcecb05c8787742803679ac5d2fe980ef180 Mon Sep 17 00:00:00 2001 From: Thilo Molitor Date: Sun, 1 Dec 2024 00:53:18 +0100 Subject: [PATCH] XEP-0480: Fix SCRAM upgrade description and XML schema --- xep-0480.xml | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/xep-0480.xml b/xep-0480.xml index a23f2d913..1f415fa03 100644 --- a/xep-0480.xml +++ b/xep-0480.xml @@ -23,6 +23,12 @@ sut &tmolitor; + + 0.2.0 + 2024-12-01 + tm + Fix SCRAM upgrade description and XML schema. + 0.1.0 2023-05-04 @@ -195,8 +201,8 @@ -

For upgrades of SCRAM mechanisms as defined in &rfc5802;, the server has to provide the needed data for the client to calculate the SaltedPassword as defined in this RFC (or some RFC updating it), namely the iteration count and salt. To do so the server sends a <salt/> element namespaced to "urn:xmpp:scram-upgrade:0" containing the salt and an attribute named "iteration" containing the iteration count as defined in that RFC, omitting the "s=" and "i=" prefix. The <salt/> element is contained within a <task-data/> wrapper element as defined in &xep0388;.

-

The client then calculates the SaltedPassword and sends back its base64 encoded value inside a <hash/> element namespaced to "urn:xmpp:scram-upgrade:0". The <hash/> element is contained within a <task-data/> wrapper element as defined in &xep0388;.

+

For upgrades of SCRAM mechanisms as defined in &rfc5802;, the server has to provide the needed data for the client to calculate the SaltedPassword as defined in this RFC (or some RFC updating it), namely the iteration count and salt. To do so the server sends a <salt/> element namespaced to "urn:xmpp:scram-upgrade:0" containing the base64 encoded salt (omitting the "s=" prefix, see &rfc5802; for the concrete definition of valid salts) and an attribute named "iterations" containing the iteration count as defined in that RFC (omitting the "i=" prefix). The <salt/> element is contained within a <task-data/> wrapper element as defined in &xep0388; and MUST NOT be empty.

+

The client then calculates the &rfc5802; SaltedPassword and sends back its base64 encoded value inside a <hash/> element namespaced to "urn:xmpp:scram-upgrade:0". The <hash/> element MUST NOT be empty and is contained within a <task-data/> wrapper element as defined in &xep0388;.

The name of the upgrade task MUST NOT conain the "-PLUS" suffix, because channel-binding is not relevant for upgrade tasks.
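Review bot: the rename of the iteration-count attribute from "iteration" (old paragraph) to "iterations" (new paragraph) in this hunk is a wire-format change that a 0.1.0 implementation will not recognise, yet the new text presents it simply as the attribute's name; suggest stating the rename explicitly here (and in the revision remark) so implementors know to emit and accept the new spelling. Second, the new text defers to &rfc5802; for what counts as a valid salt and iteration count but does not say what the client does when the server's values are outside what it would accept (a salt shorter than it requires, or an iteration count below its own minimum); because a low count weakens the stored SaltedPassword against offline guessing if the server's credential store is ever leaked, suggest adding that the client MUST abort the upgrade task in that case rather than compute and return the hash. Finally, the trailing context line still reads "MUST NOT conain the "-PLUS" suffix"; since this paragraph is being reworked, "conain" could be corrected to "contain" in the same change.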

@@ -270,7 +276,7 @@ --> - A_SXCRXQ6sek8bf_Z + QV9TWENSWFE2c2VrOGJmX1o= @@ -330,12 +336,13 @@ xmlns="urn:xmpp:scram-upgrade:0" elementFormDefault="qualified"> - + - - - - + + + + + @@ -347,7 +354,8 @@ - + +
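Review bot: the 0.2.0 revision remark "Fix SCRAM upgrade description and XML schema." in the first hunk reads as an editorial fix, but the same patch renames the "iteration" attribute to "iterations" and changes the example salt to its base64 form, both of which change what is sent on the wire; suggest the remark name the attribute rename and the non-empty requirement, for example "Rename the iteration attribute to iterations, require base64-encoded non-empty salt and hash, fix XML schema.", so readers of the revision history can tell that 0.1.0 implementations need updating.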
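Review bot: in the example hunk (@@ -270,7 +276,7 @@) the replaced value QV9TWENSWFE2c2VrOGJmX1o= is exactly the base64 encoding of the previous literal A_SXCRXQ6sek8bf_Z, so the example now shows a base64-encoded salt as the revised prose requires, but the decoded salt is seventeen printable ASCII characters rather than random octets; that is fine as an illustration, though a value that decodes to arbitrary bytes would avoid suggesting that salts are text. Also, this hunk changes only the element text: since the prose hunk renames the attribute to "iterations", confirm that the <salt/> start tag of this example, which lies outside the changed line, was updated to the new attribute name as well.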