在XMPP RFC ,有两个 MUST 指令声明用于 STARTTLS 和 SASL 的 XML 不得包含任何空格,这是为了规范中规定的“安全层字节精度”。那是什么?
RFC 相关摘录:
...
During STARTTLS negotiation, the entities MUST NOT send any whitespace as separators between XML elements (i.e., from the last character of the first-level element qualified by the 'urn:ietf:params:xml:ns:xmpp-tls' namespace as sent by the initiating entity, until the last character of the first-level element qualified by the 'urn:ietf:params:xml:ns:xmpp-tls' namespace as sent by the receiving entity). This prohibition helps to ensure proper security layer byte precision.
... During SASL negotiation, the entities MUST NOT send any whitespace as separators between XML elements (i.e., from the last character of the first-level element qualified by the 'urn:ietf:params:xml:ns:xmpp-sasl' namespace as sent by the initiating entity, until the last character of the first-level element qualified by the 'urn:ietf:params:xml:ns:xmpp-sasl' namespace as sent by the receiving entity). This prohibition helps to ensure proper security layer byte precision.
最佳答案
这个指令是为了确保正确处理字节流。想象一下,如果客户端在 XML 片段之后发送换行符,它可能会发送这样的响应:
<response ... /> [LF]
服务器将逐步解析 XML 直到最后的“>”,此时它将发送 <success/>。元素返回给客户端。现在客户端将发送一个新的流开始即 <stream:stream ... >使用安全层。这应该会导致服务器端的安全层中断,因为它会期望额外的 LF 字符成为安全层的一部分,而实际上它不是。
您可能会说服务器应该在发出 <success/> 之前简单地清除其接收缓冲区数据包,但这不是处理字节流的正确方法。毕竟,底层子系统可能延迟了该 LF 字符的传递,服务器可能会在发送 <success/> 后收到它。数据包。
当然,解决方案是让客户端不发送此类额外数据。您可以阅读有关此特定讨论的更多信息 here在邮件列表上。
关于安全层字节精度?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12021374/