tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search

RFC 3920

 
 
 

Extensible Messaging and Presence Protocol (XMPP): Core

Part 3 of 4, p. 48 to 74
Prev RFC Part       Next RFC Part

 


prevText      Top      Up      ToC       Page 48 
9.  XML Stanzas

   After TLS negotiation (Section 5) if desired, SASL negotiation
   (Section 6), and Resource Binding (Section 7) if necessary, XML
   stanzas can be sent over the streams.  Three kinds of XML stanza are
   defined for the 'jabber:client' and 'jabber:server' namespaces:
   <message/>, <presence/>, and <iq/>.  In addition, there are five
   common attributes for these kinds of stanza.  These common
   attributes, as well as the basic semantics of the three stanza kinds,
   are defined herein; more detailed information regarding the syntax of
   XML stanzas in relation to instant messaging and presence
   applications is provided in [XMPP-IM].

9.1.  Common Attributes

   The following five attributes are common to message, presence, and IQ
   stanzas:

9.1.1.  to

   The 'to' attribute specifies the JID of the intended recipient for
   the stanza.

   In the 'jabber:client' namespace, a stanza SHOULD possess a 'to'
   attribute, although a stanza sent from a client to a server for
   handling by that server (e.g., presence sent to the server for
   broadcasting to other entities) SHOULD NOT possess a 'to' attribute.

   In the 'jabber:server' namespace, a stanza MUST possess a 'to'
   attribute; if a server receives a stanza that does not meet this
   restriction, it MUST generate an <improper-addressing/> stream error
   condition and terminate both the XML stream and the underlying TCP
   connection with the offending server.

Top      Up      ToC       Page 49 
   If the value of the 'to' attribute is invalid or cannot be contacted,
   the entity discovering that fact (usually the sender's or recipient's
   server) MUST return an appropriate error to the sender, setting the
   'from' attribute of the error stanza to the value provided in the
   'to' attribute of the offending stanza.

9.1.2.  from

   The 'from' attribute specifies the JID of the sender.

   When a server receives an XML stanza within the context of an
   authenticated stream qualified by the 'jabber:client' namespace, it
   MUST do one of the following:

   1.  validate that the value of the 'from' attribute provided by the
       client is that of a connected resource for the associated entity

   2.  add a 'from' address to the stanza whose value is the bare JID
       (<node@domain>) or the full JID (<node@domain/resource>)
       determined by the server for the connected resource that
       generated the stanza (see Determination of Addresses (Section
       3.5))

   If a client attempts to send an XML stanza for which the value of the
   'from' attribute does not match one of the connected resources for
   that entity, the server SHOULD return an <invalid-from/> stream error
   to the client.  If a client attempts to send an XML stanza over a
   stream that is not yet authenticated, the server SHOULD return a
   <not-authorized/> stream error to the client.  If generated, both of
   these conditions MUST result in closure of the stream and termination
   of the underlying TCP connection; this helps to prevent a denial of
   service attack launched from a rogue client.

   When a server generates a stanza from the server itself for delivery
   to a connected client (e.g., in the context of data storage services
   provided by the server on behalf of the client), the stanza MUST
   either (1) not include a 'from' attribute or (2) include a 'from'
   attribute whose value is the account's bare JID (<node@domain>) or
   client's full JID (<node@domain/resource>).  A server MUST NOT send
   to the client a stanza without a 'from' attribute if the stanza was
   not generated by the server itself.  When a client receives a stanza
   that does not include a 'from' attribute, it MUST assume that the
   stanza is from the server to which the client is connected.

   In the 'jabber:server' namespace, a stanza MUST possess a 'from'
   attribute; if a server receives a stanza that does not meet this
   restriction, it MUST generate an <improper-addressing/> stream error
   condition.  Furthermore, the domain identifier portion of the JID

Top      Up      ToC       Page 50 
   contained in the 'from' attribute MUST match the hostname of the
   sending server (or any validated domain thereof, such as a validated
   subdomain of the sending server's hostname or another validated
   domain hosted by the sending server) as communicated in the SASL
   negotiation or dialback negotiation; if a server receives a stanza
   that does not meet this restriction, it MUST generate an
   <invalid-from/> stream error condition.  Both of these conditions
   MUST result in closing of the stream and termination of the
   underlying TCP connection; this helps to prevent a denial of service
   attack launched from a rogue server.

9.1.3.  id

   The optional 'id' attribute MAY be used by a sending entity for
   internal tracking of stanzas that it sends and receives (especially
   for tracking the request-response interaction inherent in the
   semantics of IQ stanzas).  It is OPTIONAL for the value of the 'id'
   attribute to be unique globally, within a domain, or within a stream.
   The semantics of IQ stanzas impose additional restrictions; see IQ
   Semantics (Section 9.2.3).

9.1.4.  type

   The 'type' attribute specifies detailed information about the purpose
   or context of the message, presence, or IQ stanza.  The particular
   allowable values for the 'type' attribute vary depending on whether
   the stanza is a message, presence, or IQ; the values for message and
   presence stanzas are specific to instant messaging and presence
   applications and therefore are defined in [XMPP-IM], whereas the
   values for IQ stanzas specify the role of an IQ stanza in a
   structured request-response "conversation" and thus are defined under
   IQ Semantics (Section 9.2.3) below.  The only 'type' value common to
   all three stanzas is "error"; see Stanza Errors (Section 9.3).

9.1.5.  xml:lang

   A stanza SHOULD possess an 'xml:lang' attribute (as defined in
   Section 2.12 of [XML]) if the stanza contains XML character data that
   is intended to be presented to a human user (as explained in RFC 2277
   [CHARSET], "internationalization is for humans").  The value of the
   'xml:lang' attribute specifies the default language of any such
   human-readable XML character data, which MAY be overridden by the
   'xml:lang' attribute of a specific child element.  If a stanza does
   not possess an 'xml:lang' attribute, an implementation MUST assume
   that the default language is that specified for the stream as defined
   under Stream Attributes (Section 4.4) above.  The value of the
   'xml:lang' attribute MUST be an NMTOKEN and MUST conform to the
   format defined in RFC 3066 [LANGTAGS].

Top      Up      ToC       Page 51 
9.2.  Basic Semantics

9.2.1.  Message Semantics

   The <message/> stanza kind can be seen as a "push" mechanism whereby
   one entity pushes information to another entity, similar to the
   communications that occur in a system such as email.  All message
   stanzas SHOULD possess a 'to' attribute that specifies the intended
   recipient of the message; upon receiving such a stanza, a server
   SHOULD route or deliver it to the intended recipient (see Server
   Rules for Handling XML Stanzas (Section 10) for general routing and
   delivery rules related to XML stanzas).

9.2.2.  Presence Semantics

   The <presence/> element can be seen as a basic broadcast or
   "publish-subscribe" mechanism, whereby multiple entities receive
   information about an entity to which they have subscribed (in this
   case, network availability information).  In general, a publishing
   entity SHOULD send a presence stanza with no 'to' attribute, in which
   case the server to which the entity is connected SHOULD broadcast or
   multiplex that stanza to all subscribing entities.  However, a
   publishing entity MAY also send a presence stanza with a 'to'
   attribute, in which case the server SHOULD route or deliver that
   stanza to the intended recipient.  See Server Rules for Handling XML
   Stanzas (Section 10) for general routing and delivery rules related
   to XML stanzas, and [XMPP-IM] for presence-specific rules in the
   context of an instant messaging and presence application.

9.2.3.  IQ Semantics

   Info/Query, or IQ, is a request-response mechanism, similar in some
   ways to [HTTP].  The semantics of IQ enable an entity to make a
   request of, and receive a response from, another entity.  The data
   content of the request and response is defined by the namespace
   declaration of a direct child element of the IQ element, and the
   interaction is tracked by the requesting entity through use of the
   'id' attribute.  Thus, IQ interactions follow a common pattern of
   structured data exchange such as get/result or set/result (although
   an error may be returned in reply to a request if appropriate):

Top      Up      ToC       Page 52 
   Requesting                 Responding
     Entity                     Entity
   ----------                 ----------
       |                           |
       | <iq type='get' id='1'>    |
       | ------------------------> |
       |                           |
       | <iq type='result' id='1'> |
       | <------------------------ |
       |                           |
       | <iq type='set' id='2'>    |
       | ------------------------> |
       |                           |
       | <iq type='error' id='2'>  |
       | <------------------------ |
       |                           |

   In order to enforce these semantics, the following rules apply:

   1.  The 'id' attribute is REQUIRED for IQ stanzas.

   2.  The 'type' attribute is REQUIRED for IQ stanzas.  The value MUST
       be one of the following:

       *  get -- The stanza is a request for information or
          requirements.

       *  set -- The stanza provides required data, sets new values, or
          replaces existing values.

       *  result -- The stanza is a response to a successful get or set
          request.

       *  error -- An error has occurred regarding processing or
          delivery of a previously-sent get or set (see Stanza Errors
          (Section 9.3)).

   3.  An entity that receives an IQ request of type "get" or "set" MUST
       reply with an IQ response of type "result" or "error" (the
       response MUST preserve the 'id' attribute of the request).

   4.  An entity that receives a stanza of type "result" or "error" MUST
       NOT respond to the stanza by sending a further IQ response of
       type "result" or "error"; however, as shown above, the requesting
       entity MAY send another request (e.g., an IQ of type "set" in
       order to provide required information discovered through a
       get/result pair).

Top      Up      ToC       Page 53 
   5.  An IQ stanza of type "get" or "set" MUST contain one and only one
       child element that specifies the semantics of the particular
       request or response.

   6.  An IQ stanza of type "result" MUST include zero or one child
       elements.

   7.  An IQ stanza of type "error" SHOULD include the child element
       contained in the associated "get" or "set" and MUST include an
       <error/> child; for details, see Stanza Errors (Section 9.3).

9.3.  Stanza Errors

   Stanza-related errors are handled in a manner similar to stream
   errors (Section 4.7).  However, unlike stream errors, stanza errors
   are recoverable; therefore error stanzas include hints regarding
   actions that the original sender can take in order to remedy the
   error.

9.3.1.  Rules

   The following rules apply to stanza-related errors:

   o  The receiving or processing entity that detects an error condition
      in relation to a stanza MUST return to the sending entity a stanza
      of the same kind (message, presence, or IQ), whose 'type'
      attribute is set to a value of "error" (such a stanza is called an
      "error stanza" herein).

   o  The entity that generates an error stanza SHOULD include the
      original XML sent so that the sender can inspect and, if
      necessary, correct the XML before attempting to resend.

   o  An error stanza MUST contain an <error/> child element.

   o  An <error/> child MUST NOT be included if the 'type' attribute has
      a value other than "error" (or if there is no 'type' attribute).

   o  An entity that receives an error stanza MUST NOT respond to the
      stanza with a further error stanza; this helps to prevent looping.

Top      Up      ToC       Page 54 
9.3.2.  Syntax

   The syntax for stanza-related errors is as follows:

   <stanza-kind to='sender' type='error'>
     [RECOMMENDED to include sender XML here]
     <error type='error-type'>
       <defined-condition xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
       <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'
             xml:lang='langcode'>
         OPTIONAL descriptive text
       </text>
       [OPTIONAL application-specific condition element]
     </error>
   </stanza-kind>

   The stanza-kind is one of message, presence, or iq.

   The value of the <error/> element's 'type' attribute MUST be one of
   the following:

   o  cancel -- do not retry (the error is unrecoverable)
   o  continue -- proceed (the condition was only a warning)
   o  modify -- retry after changing the data sent
   o  auth -- retry after providing credentials
   o  wait -- retry after waiting (the error is temporary)

   The <error/> element:

   o  MUST contain a child element corresponding to one of the defined
      stanza error conditions specified below; this element MUST be
      qualified by the 'urn:ietf:params:xml:ns:xmpp-stanzas' namespace.

   o  MAY contain a <text/> child containing XML character data that
      describes the error in more detail; this element MUST be qualified
      by the 'urn:ietf:params:xml:ns:xmpp-stanzas' namespace and SHOULD
      possess an 'xml:lang' attribute.

   o  MAY contain a child element for an application-specific error
      condition; this element MUST be qualified by an
      application-defined namespace, and its structure is defined by
      that namespace.

   The <text/> element is OPTIONAL.  If included, it SHOULD be used only
   to provide descriptive or diagnostic information that supplements the
   meaning of a defined condition or application-specific condition.  It
   SHOULD NOT be interpreted programmatically by an application.  It

Top      Up      ToC       Page 55 
   SHOULD NOT be used as the error message presented to a user, but MAY
   be shown in addition to the error message associated with the
   included condition element (or elements).

   Finally, to maintain backward compatibility, the schema (specified in
   [XMPP-IM]) allows the optional inclusion of a 'code' attribute on the
   <error/> element.

9.3.3.  Defined Conditions

   The following conditions are defined for use in stanza errors.

   o  <bad-request/> -- the sender has sent XML that is malformed or
      that cannot be processed (e.g., an IQ stanza that includes an
      unrecognized value of the 'type' attribute); the associated error
      type SHOULD be "modify".

   o  <conflict/> -- access cannot be granted because an existing
      resource or session exists with the same name or address; the
      associated error type SHOULD be "cancel".

   o  <feature-not-implemented/> -- the feature requested is not
      implemented by the recipient or server and therefore cannot be
      processed; the associated error type SHOULD be "cancel".

   o  <forbidden/> -- the requesting entity does not possess the
      required permissions to perform the action; the associated error
      type SHOULD be "auth".

   o  <gone/> -- the recipient or server can no longer be contacted at
      this address (the error stanza MAY contain a new address in the
      XML character data of the <gone/> element); the associated error
      type SHOULD be "modify".

   o  <internal-server-error/> -- the server could not process the
      stanza because of a misconfiguration or an otherwise-undefined
      internal server error; the associated error type SHOULD be "wait".

   o  <item-not-found/> -- the addressed JID or item requested cannot be
      found; the associated error type SHOULD be "cancel".

   o  <jid-malformed/> -- the sending entity has provided or
      communicated an XMPP address (e.g., a value of the 'to' attribute)
      or aspect thereof (e.g., a resource identifier) that does not
      adhere to the syntax defined in Addressing Scheme (Section 3); the
      associated error type SHOULD be "modify".

Top      Up      ToC       Page 56 
   o  <not-acceptable/> -- the recipient or server understands the
      request but is refusing to process it because it does not meet
      criteria defined by the recipient or server (e.g., a local policy
      regarding acceptable words in messages); the associated error type
      SHOULD be "modify".

   o  <not-allowed/> -- the recipient or server does not allow any
      entity to perform the action; the associated error type SHOULD be
      "cancel".

   o  <not-authorized/> -- the sender must provide proper credentials
      before being allowed to perform the action, or has provided
      improper credentials; the associated error type SHOULD be "auth".

   o  <payment-required/> -- the requesting entity is not authorized to
      access the requested service because payment is required; the
      associated error type SHOULD be "auth".

   o  <recipient-unavailable/> -- the intended recipient is temporarily
      unavailable; the associated error type SHOULD be "wait" (note: an
      application MUST NOT return this error if doing so would provide
      information about the intended recipient's network availability to
      an entity that is not authorized to know such information).

   o  <redirect/> -- the recipient or server is redirecting requests for
      this information to another entity, usually temporarily (the error
      stanza SHOULD contain the alternate address, which MUST be a valid
      JID, in the XML character data of the <redirect/> element); the
      associated error type SHOULD be "modify".

   o  <registration-required/> -- the requesting entity is not
      authorized to access the requested service because registration is
      required; the associated error type SHOULD be "auth".

   o  <remote-server-not-found/> -- a remote server or service specified
      as part or all of the JID of the intended recipient does not
      exist; the associated error type SHOULD be "cancel".

   o  <remote-server-timeout/> -- a remote server or service specified
      as part or all of the JID of the intended recipient (or required
      to fulfill a request) could not be contacted within a reasonable
      amount of time; the associated error type SHOULD be "wait".

   o  <resource-constraint/> -- the server or recipient lacks the system
      resources necessary to service the request; the associated error
      type SHOULD be "wait".

Top      Up      ToC       Page 57 
   o  <service-unavailable/> -- the server or recipient does not
      currently provide the requested service; the associated error type
      SHOULD be "cancel".

   o  <subscription-required/> -- the requesting entity is not
      authorized to access the requested service because a subscription
      is required; the associated error type SHOULD be "auth".

   o  <undefined-condition/> -- the error condition is not one of those
      defined by the other conditions in this list; any error type may
      be associated with this condition, and it SHOULD be used only in
      conjunction with an application-specific condition.

   o  <unexpected-request/> -- the recipient or server understood the
      request but was not expecting it at this time (e.g., the request
      was out of order); the associated error type SHOULD be "wait".

9.3.4.  Application-Specific Conditions

   As noted, an application MAY provide application-specific stanza
   error information by including a properly-namespaced child in the
   error element.  The application-specific element SHOULD supplement or
   further qualify a defined element.  Thus, the <error/> element will
   contain two or three child elements:

   <iq type='error' id='some-id'>
     <error type='modify'>
       <bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
       <too-many-parameters xmlns='application-ns'/>
     </error>
   </iq>

   <message type='error' id='another-id'>
     <error type='modify'>
       <undefined-condition
             xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
       <text xml:lang='en'
             xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>
         Some special application diagnostic information...
       </text>
       <special-application-condition xmlns='application-ns'/>
     </error>
   </message>

Top      Up      ToC       Page 58 
10.  Server Rules for Handling XML Stanzas

   Compliant server implementations MUST ensure in-order processing of
   XML stanzas between any two entities.

   Beyond the requirement for in-order processing, each server
   implementation will contain its own "delivery tree" for handling
   stanzas it receives.  Such a tree determines whether a stanza needs
   to be routed to another domain, processed internally, or delivered to
   a resource associated with a connected node.  The following rules
   apply:

10.1.  No 'to' Address

   If the stanza possesses no 'to' attribute, the server SHOULD process
   it on behalf of the entity that sent it.  Because all stanzas
   received from other servers MUST possess a 'to' attribute, this rule
   applies only to stanzas received from a registered entity (such as a
   client) that is connected to the server.  If the server receives a
   presence stanza with no 'to' attribute, the server SHOULD broadcast
   it to the entities that are subscribed to the sending entity's
   presence, if applicable (the semantics of presence broadcast for
   instant messaging and presence applications are defined in
   [XMPP-IM]).  If the server receives an IQ stanza of type "get" or
   "set" with no 'to' attribute and it understands the namespace that
   qualifies the content of the stanza, it MUST either process the
   stanza on behalf of the sending entity (where the meaning of
   "process" is determined by the semantics of the qualifying namespace)
   or return an error to the sending entity.

10.2.  Foreign Domain

   If the hostname of the domain identifier portion of the JID contained
   in the 'to' attribute does not match one of the configured hostnames
   of the server itself or a subdomain thereof, the server SHOULD route
   the stanza to the foreign domain (subject to local service
   provisioning and security policies regarding inter-domain
   communication).  There are two possible cases:

   A server-to-server stream already exists between the two domains: The
      sender's server routes the stanza to the authoritative server for
      the foreign domain over the existing stream

   There exists no server-to-server stream between the two domains: The
      sender's server (1) resolves the hostname of the foreign domain
      (as defined under Server-to-Server Communications (Section 14.4)),
      (2) negotiates a server-to-server stream between the two domains
      (as defined under Use of TLS (Section 5) and Use of SASL (Section

Top      Up      ToC       Page 59 
      6)), and (3) routes the stanza to the authoritative server for the
      foreign domain over the newly-established stream

   If routing to the recipient's server is unsuccessful, the sender's
   server MUST return an error to the sender; if the recipient's server
   can be contacted but delivery by the recipient's server to the
   recipient is unsuccessful, the recipient's server MUST return an
   error to the sender by way of the sender's server.

10.3.  Subdomain

   If the hostname of the domain identifier portion of the JID contained
   in the 'to' attribute matches a subdomain of one of the configured
   hostnames of the server itself, the server MUST either process the
   stanza itself or route the stanza to a specialized service that is
   responsible for that subdomain (if the subdomain is configured), or
   return an error to the sender (if the subdomain is not configured).

10.4.  Mere Domain or Specific Resource

   If the hostname of the domain identifier portion of the JID contained
   in the 'to' attribute matches a configured hostname of the server
   itself and the JID contained in the 'to' attribute is of the form
   <domain> or <domain/resource>, the server (or a defined resource
   thereof) MUST either process the stanza as appropriate for the stanza
   kind or return an error stanza to the sender.

10.5.  Node in Same Domain

   If the hostname of the domain identifier portion of the JID contained
   in the 'to' attribute matches a configured hostname of the server
   itself and the JID contained in the 'to' attribute is of the form
   <node@domain> or <node@domain/resource>, the server SHOULD deliver
   the stanza to the intended recipient of the stanza as represented by
   the JID contained in the 'to' attribute.  The following rules apply:

   1.  If the JID contains a resource identifier (i.e., is of the form
       <node@domain/resource>) and there exists a connected resource
       that matches the full JID, the recipient's server SHOULD deliver
       the stanza to the stream or session that exactly matches the
       resource identifier.

   2.  If the JID contains a resource identifier and there exists no
       connected resource that matches the full JID, the recipient's
       server SHOULD return a <service-unavailable/> stanza error to the
       sender.

Top      Up      ToC       Page 60 
   3.  If the JID is of the form <node@domain> and there exists at least
       one connected resource for the node, the recipient's server
       SHOULD deliver the stanza to at least one of the connected
       resources, according to application-specific rules (a set of
       delivery rules for instant messaging and presence applications is
       defined in [XMPP-IM]).

11.  XML Usage within XMPP

11.1.  Restrictions

   XMPP is a simplified and specialized protocol for streaming XML
   elements in order to exchange structured information in close to real
   time.  Because XMPP does not require the parsing of arbitrary and
   complete XML documents, there is no requirement that XMPP needs to
   support the full feature set of [XML].  In particular, the following
   restrictions apply.

   With regard to XML generation, an XMPP implementation MUST NOT inject
   into an XML stream any of the following:

   o  comments (as defined in Section 2.5 of [XML])

   o  processing instructions (Section 2.6 therein)

   o  internal or external DTD subsets (Section 2.8 therein)

   o  internal or external entity references (Section 4.2 therein) with
      the exception of predefined entities (Section 4.6 therein)

   o  character data or attribute values containing unescaped characters
      that map to the predefined entities (Section 4.6 therein); such
      characters MUST be escaped

   With regard to XML processing, if an XMPP implementation receives
   such restricted XML data, it MUST ignore the data.

11.2.  XML Namespace Names and Prefixes

   XML Namespaces [XML-NAMES] are used within all XMPP-compliant XML to
   create strict boundaries of data ownership.  The basic function of
   namespaces is to separate different vocabularies of XML elements that
   are structurally mixed together.  Ensuring that XMPP-compliant XML is
   namespace-aware enables any allowable XML to be structurally mixed
   with any data element within XMPP.  Rules for XML namespace names and
   prefixes are defined in the following subsections.

Top      Up      ToC       Page 61 
11.2.1.  Streams Namespace

   A streams namespace declaration is REQUIRED in all XML stream
   headers.  The name of the streams namespace MUST be
   'http://etherx.jabber.org/streams'.  The element names of the
   <stream/> element and its <features/> and <error/> children MUST be
   qualified by the streams namespace prefix in all instances.  An
   implementation SHOULD generate only the 'stream:' prefix for these
   elements, and for historical reasons MAY accept only the 'stream:'
   prefix.

11.2.2.  Default Namespace

   A default namespace declaration is REQUIRED and is used in all XML
   streams in order to define the allowable first-level children of the
   root stream element.  This namespace declaration MUST be the same for
   the initial stream and the response stream so that both streams are
   qualified consistently.  The default namespace declaration applies to
   the stream and all stanzas sent within a stream (unless explicitly
   qualified by another namespace, or by the prefix of the streams
   namespace or the dialback namespace).

   A server implementation MUST support the following two default
   namespaces (for historical reasons, some implementations MAY support
   only these two default namespaces):

   o  jabber:client -- this default namespace is declared when the
      stream is used for communications between a client and a server

   o  jabber:server -- this default namespace is declared when the
      stream is used for communications between two servers

   A client implementation MUST support the 'jabber:client' default
   namespace, and for historical reasons MAY support only that default
   namespace.

   An implementation MUST NOT generate namespace prefixes for elements
   in the default namespace if the default namespace is 'jabber:client'
   or 'jabber:server'.  An implementation SHOULD NOT generate namespace
   prefixes for elements qualified by content (as opposed to stream)
   namespaces other than 'jabber:client' and 'jabber:server'.

   Note: The 'jabber:client' and 'jabber:server' namespaces are nearly
   identical but are used in different contexts (client-to-server
   communications for 'jabber:client' and server-to-server
   communications for 'jabber:server').  The only difference between the
   two is that the 'to' and 'from' attributes are OPTIONAL on stanzas
   sent within 'jabber:client', whereas they are REQUIRED on stanzas

Top      Up      ToC       Page 62 
   sent within 'jabber:server'.  If a compliant implementation accepts a
   stream that is qualified by the 'jabber:client' or 'jabber:server'
   namespace, it MUST support the common attributes (Section 9.1) and
   basic semantics (Section 9.2) of all three core stanza kinds
   (message, presence, and IQ).

11.2.3.  Dialback Namespace

   A dialback namespace declaration is REQUIRED for all elements used in
   server dialback (Section 8).  The name of the dialback namespace MUST
   be 'jabber:server:dialback'.  All elements qualified by this
   namespace MUST be prefixed.  An implementation SHOULD generate only
   the 'db:' prefix for such elements and MAY accept only the 'db:'
   prefix.

11.3.  Validation

   Except as noted with regard to 'to' and 'from' addresses for stanzas
   within the 'jabber:server' namespace, a server is not responsible for
   validating the XML elements forwarded to a client or another server;
   an implementation MAY choose to provide only validated data elements
   but this is OPTIONAL (although an implementation MUST NOT accept XML
   that is not well-formed).  Clients SHOULD NOT rely on the ability to
   send data which does not conform to the schemas, and SHOULD ignore
   any non-conformant elements or attributes on the incoming XML stream.
   Validation of XML streams and stanzas is OPTIONAL, and schemas are
   included herein for descriptive purposes only.

11.4.  Inclusion of Text Declaration

   Implementations SHOULD send a text declaration before sending a
   stream header.  Applications MUST follow the rules in [XML] regarding
   the circumstances under which a text declaration is included.

11.5.  Character Encoding

   Implementations MUST support the UTF-8 (RFC 3629 [UTF-8])
   transformation of Universal Character Set (ISO/IEC 10646-1 [UCS2])
   characters, as required by RFC 2277 [CHARSET].  Implementations MUST
   NOT attempt to use any other encoding.

12.  Core Compliance Requirements

   This section summarizes the specific aspects of the Extensible
   Messaging and Presence Protocol that MUST be supported by servers and
   clients in order to be considered compliant implementations, as well
   as additional protocol aspects that SHOULD be supported.  For
   compliance purposes, we draw a distinction between core protocols

Top      Up      ToC       Page 63 
   (which MUST be supported by any server or client, regardless of the
   specific application) and instant messaging protocols (which MUST be
   supported only by instant messaging and presence applications built
   on top of the core protocols).  Compliance requirements that apply to
   all servers and clients are specified in this section; compliance
   requirements for instant messaging servers and clients are specified
   in the corresponding section of [XMPP-IM].

12.1.  Servers

   In addition to all defined requirements with regard to security, XML
   usage, and internationalization, a server MUST support the following
   core protocols in order to be considered compliant:

   o  Application of the [NAMEPREP], Nodeprep (Appendix A), and
      Resourceprep (Appendix B) profiles of [STRINGPREP] to addresses
      (including ensuring that domain identifiers are internationalized
      domain names as defined in [IDNA])

   o  XML streams (Section 4), including Use of TLS (Section 5), Use of
      SASL (Section 6), and Resource Binding (Section 7)

   o  The basic semantics of the three defined stanza kinds (i.e.,
      <message/>, <presence/>, and <iq/>) as specified in stanza
      semantics (Section 9.2)

   o  Generation (and, where appropriate, handling) of error syntax and
      semantics related to streams, TLS, SASL, and XML stanzas

   In addition, a server MAY support the following core protocol:

   o  Server dialback (Section 8)

12.2.  Clients

   A client MUST support the following core protocols in order to be
   considered compliant:

   o  XML streams (Section 4), including Use of TLS (Section 5), Use of
      SASL (Section 6), and Resource Binding (Section 7)

   o  The basic semantics of the three defined stanza kinds (i.e.,
      <message/>, <presence/>, and <iq/>) as specified in stanza
      semantics (Section 9.2)

   o  Handling (and, where appropriate, generation) of error syntax and
      semantics related to streams, TLS, SASL, and XML stanzas

Top      Up      ToC       Page 64 
   In addition, a client SHOULD support the following core protocols:

   o  Generation of addresses to which the [NAMEPREP], Nodeprep
      (Appendix A), and Resourceprep (Appendix B) profiles of
      [STRINGPREP] can be applied without failing

13.  Internationalization Considerations

   XML streams MUST be encoded in UTF-8 as specified under Character
   Encoding (Section 11.5).  As specified under Stream Attributes
   (Section 4.4), an XML stream SHOULD include an 'xml:lang' attribute
   that is treated as the default language for any XML character data
   sent over the stream that is intended to be presented to a human
   user.  As specified under xml:lang (Section 9.1.5), an XML stanza
   SHOULD include an 'xml:lang' attribute if the stanza contains XML
   character data that is intended to be presented to a human user.  A
   server SHOULD apply the default 'xml:lang' attribute to stanzas it
   routes or delivers on behalf of connected entities, and MUST NOT
   modify or delete 'xml:lang' attributes from stanzas it receives from
   other entities.

14.  Security Considerations

14.1.  High Security

   For the purposes of XMPP communications (client-to-server and
   server-to-server), the term "high security" refers to the use of
   security technologies that provide both mutual authentication and
   integrity-checking; in particular, when using certificate-based
   authentication to provide high security, a chain-of-trust SHOULD be
   established out-of-band, although a shared certificate authority
   signing certificates could allow a previously unknown certificate to
   establish trust in-band.  See Section 14.2 below regarding
   certificate validation procedures.

   Implementations MUST support high security.  Service provisioning
   SHOULD use high security, subject to local security policies.

14.2.  Certificate Validation

   When an XMPP peer communicates with another peer securely, it MUST
   validate the peer's certificate.  There are three possible cases:

   Case #1: The peer contains an End Entity certificate which appears to
      be certified by a chain of certificates terminating in a trust
      anchor (as described in Section 6.1 of [X509]).

Top      Up      ToC       Page 65 
   Case #2: The peer certificate is certified by a Certificate Authority
      not known to the validating peer.

   Case #3: The peer certificate is self-signed.

   In Case #1, the validating peer MUST do one of two things:

   1.  Verify the peer certificate according to the rules of [X509].
       The certificate SHOULD then be checked against the expected
       identity of the peer following the rules described in [HTTP-TLS],
       except that a subjectAltName extension of type "xmpp" MUST be
       used as the identity if present.  If one of these checks fails,
       user-oriented clients MUST either notify the user (clients MAY
       give the user the opportunity to continue with the connection in
       any case) or terminate the connection with a bad certificate
       error.  Automated clients SHOULD terminate the connection (with a
       bad certificate error) and log the error to an appropriate audit
       log.  Automated clients MAY provide a configuration setting that
       disables this check, but MUST provide a setting that enables it.

   2.  The peer SHOULD show the certificate to a user for approval,
       including the entire certificate chain.  The peer MUST cache the
       certificate (or some non-forgeable representation such as a
       hash).  In future connections, the peer MUST verify that the same
       certificate was presented and MUST notify the user if it has
       changed.

   In Case #2 and Case #3, implementations SHOULD act as in (2) above.

14.3.  Client-to-Server Communications

   A compliant client implementation MUST support both TLS and SASL for
   connections to a server.

   The TLS protocol for encrypting XML streams (defined under Use of TLS
   (Section 5)) provides a reliable mechanism for helping to ensure the
   confidentiality and data integrity of data exchanged between two
   entities.

   The SASL protocol for authenticating XML streams (defined under Use
   of SASL (Section 6)) provides a reliable mechanism for validating
   that a client connecting to a server is who it claims to be.

   Client-to-server communications MUST NOT proceed until the DNS
   hostname asserted by the server has been resolved.  Such resolutions
   SHOULD first attempt to resolve the hostname using an [SRV] Service
   of "xmpp-client" and Proto of "tcp", resulting in resource records
   such as "_xmpp-client._tcp.example.com." (the use of the string

Top      Up      ToC       Page 66 
   "xmpp-client" for the service identifier is consistent with the IANA
   registration).  If the SRV lookup fails, the fallback is a normal
   IPv4/IPv6 address record resolution to determine the IP address,
   using the "xmpp-client" port of 5222, registered with the IANA.

   The IP address and method of access of clients MUST NOT be made
   public by a server, nor are any connections other than the original
   server connection required.  This helps to protect the client's
   server from direct attack or identification by third parties.

14.4.  Server-to-Server Communications

   A compliant server implementation MUST support both TLS and SASL for
   inter-domain communications.  For historical reasons, a compliant
   implementation SHOULD also support Server Dialback (Section 8).

   Because service provisioning is a matter of policy, it is OPTIONAL
   for any given domain to communicate with other domains, and
   server-to-server communications MAY be disabled by the administrator
   of any given deployment.  If a particular domain enables inter-domain
   communications, it SHOULD enable high security.

   Administrators may want to require use of SASL for server-to-server
   communications in order to ensure both authentication and
   confidentiality (e.g., on an organization's private network).
   Compliant implementations SHOULD support SASL for this purpose.

   Inter-domain connections MUST NOT proceed until the DNS hostnames
   asserted by the servers have been resolved.  Such resolutions MUST
   first attempt to resolve the hostname using an [SRV] Service of
   "xmpp-server" and Proto of "tcp", resulting in resource records such
   as "_xmpp-server._tcp.example.com." (the use of the string
   "xmpp-server" for the service identifier is consistent with the IANA
   registration; note well that the "xmpp-server" service identifier
   supersedes the earlier use of a "jabber" service identifier, since
   the earlier usage did not conform to [SRV]; implementations desiring
   to be backward compatible should continue to look for or answer to
   the "jabber" service identifier as well).  If the SRV lookup fails,
   the fallback is a normal IPv4/IPv6 address record resolution to
   determine the IP address, using the "xmpp-server" port 5269,
   registered with the IANA.

   Server dialback helps protect against domain spoofing, thus making it
   more difficult to spoof XML stanzas.  It is not a mechanism for
   authenticating, securing, or encrypting streams between servers as is
   done via SASL and TLS, and results in weak verification of server
   identities only.  Furthermore, it is susceptible to DNS poisoning
   attacks unless DNSSec [DNSSEC] is used, and even if the DNS

Top      Up      ToC       Page 67 
   information is accurate, dialback cannot protect from attacks where
   the attacker is capable of hijacking the IP address of the remote
   domain.  Domains requiring robust security SHOULD use TLS and SASL.
   If SASL is used for server-to-server authentication, dialback SHOULD
   NOT be used since it is unnecessary.

14.5.  Order of Layers

   The order of layers in which protocols MUST be stacked is as follows:

   1.  TCP
   2.  TLS
   3.  SASL
   4.  XMPP

   The rationale for this order is that [TCP] is the base connection
   layer used by all of the protocols stacked on top of TCP, [TLS] is
   often provided at the operating system layer, [SASL] is often
   provided at the application layer, and XMPP is the application
   itself.

14.6.  Lack of SASL Channel Binding to TLS

   The SASL framework does not provide a mechanism to bind SASL
   authentication to a security layer providing confidentiality and
   integrity protection that was negotiated at a lower layer.  This lack
   of a "channel binding" prevents SASL from being able to verify that
   the source and destination end points to which the lower layer's
   security is bound are equivalent to the end points that SASL is
   authenticating.  If the end points are not identical, the lower
   layer's security cannot be trusted to protect data transmitted
   between the SASL authenticated entities.  In such a situation, a SASL
   security layer should be negotiated that effectively ignores the
   presence of the lower layer security.

14.7.  Mandatory-to-Implement Technologies

   At a minimum, all implementations MUST support the following
   mechanisms:

   for authentication: the SASL [DIGEST-MD5] mechanism

   for confidentiality: TLS (using the TLS_RSA_WITH_3DES_EDE_CBC_SHA
      cipher)

   for both: TLS plus SASL EXTERNAL(using the
      TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher supporting client-side
      certificates)

Top      Up      ToC       Page 68 
14.8.  Firewalls

   Communications using XMPP normally occur over [TCP] connections on
   port 5222 (client-to-server) or port 5269 (server-to-server), as
   registered with the IANA (see IANA Considerations (Section 15)).  Use
   of these well-known ports allows administrators to easily enable or
   disable XMPP activity through existing and commonly-deployed
   firewalls.

14.9.  Use of base64 in SASL

   Both the client and the server MUST verify any [BASE64] data received
   during SASL negotiation.  An implementation MUST reject (not ignore)
   any characters that are not explicitly allowed by the base64
   alphabet; this helps to guard against creation of a covert channel
   that could be used to "leak" information.  An implementation MUST NOT
   break on invalid input and MUST reject any sequence of base64
   characters containing the pad ('=') character if that character is
   included as something other than the last character of the data
   (e.g., "=AAA" or "BBBB=CCC"); this helps to guard against buffer
   overflow attacks and other attacks on the implementation.  Base 64
   encoding visually hides otherwise easily recognized information, such
   as passwords, but does not provide any computational confidentiality.
   Base 64 encoding MUST follow the definition in Section 3 of RFC 3548
   [BASE64].

14.10.  Stringprep Profiles

   XMPP makes use of the [NAMEPREP] profile of [STRINGPREP] for the
   processing of domain identifiers; for security considerations related
   to Nameprep, refer to the appropriate section of [NAMEPREP].

   In addition, XMPP defines two profiles of [STRINGPREP]: Nodeprep
   (Appendix A) for node identifiers and Resourceprep (Appendix B) for
   resource identifiers.

   The Unicode and ISO/IEC 10646 repertoires have many characters that
   look similar.  In many cases, users of security protocols might do
   visual matching, such as when comparing the names of trusted third
   parties.  Because it is impossible to map similar-looking characters
   without a great deal of context, such as knowing the fonts used,
   stringprep does nothing to map similar-looking characters together,
   nor to prohibit some characters because they look like others.

   A node identifier can be employed as one part of an entity's address
   in XMPP.  One common usage is as the username of an instant messaging
   user; another is as the name of a multi-user chat room; many other
   kinds of entities could use node identifiers as part of their

Top      Up      ToC       Page 69 
   addresses.  The security of such services could be compromised based
   on different interpretations of the internationalized node
   identifier; for example, a user entering a single internationalized
   node identifier could access another user's account information, or a
   user could gain access to an otherwise restricted chat room or
   service.

   A resource identifier can be employed as one part of an entity's
   address in XMPP.  One common usage is as the name for an instant
   messaging user's connected resource (active session); another is as
   the nickname of a user in a multi-user chat room; many other kinds of
   entities could use resource identifiers as part of their addresses.
   The security of such services could be compromised based on different
   interpretations of the internationalized resource identifier; for
   example, a user could attempt to initiate multiple sessions with the
   same name, or a user could send a message to someone other than the
   intended recipient in a multi-user chat room.

15.  IANA Considerations

15.1.  XML Namespace Name for TLS Data

   A URN sub-namespace for TLS-related data in the Extensible Messaging
   and Presence Protocol (XMPP) is defined as follows.  (This namespace
   name adheres to the format defined in The IETF XML Registry
   [XML-REG].)

   URI: urn:ietf:params:xml:ns:xmpp-tls
   Specification: RFC 3920
   Description: This is the XML namespace name for TLS-related data in
      the Extensible Messaging and Presence Protocol (XMPP) as defined
      by RFC 3920.
   Registrant Contact: IETF, XMPP Working Group, <xmppwg@jabber.org>

15.2.  XML Namespace Name for SASL Data

   A URN sub-namespace for SASL-related data in the Extensible Messaging
   and Presence Protocol (XMPP) is defined as follows.  (This namespace
   name adheres to the format defined in [XML-REG].)

   URI: urn:ietf:params:xml:ns:xmpp-sasl
   Specification: RFC 3920
   Description: This is the XML namespace name for SASL-related data in
      the Extensible Messaging and Presence Protocol (XMPP) as defined
      by RFC 3920.
   Registrant Contact: IETF, XMPP Working Group, <xmppwg@jabber.org>

Top      Up      ToC       Page 70 
15.3.  XML Namespace Name for Stream Errors

   A URN sub-namespace for stream-related error data in the Extensible
   Messaging and Presence Protocol (XMPP) is defined as follows.  (This
   namespace name adheres to the format defined in [XML-REG].)

   URI: urn:ietf:params:xml:ns:xmpp-streams
   Specification: RFC 3920
   Description: This is the XML namespace name for stream-related error
      data in the Extensible Messaging and Presence Protocol (XMPP) as
      defined by RFC 3920.
   Registrant Contact: IETF, XMPP Working Group, <xmppwg@jabber.org>

15.4.  XML Namespace Name for Resource Binding

   A URN sub-namespace for resource binding in the Extensible Messaging
   and Presence Protocol (XMPP) is defined as follows.  (This namespace
   name adheres to the format defined in [XML-REG].)

   URI: urn:ietf:params:xml:ns:xmpp-bind
   Specification: RFC 3920
   Description: This is the XML namespace name for resource binding in
      the Extensible Messaging and Presence Protocol (XMPP) as defined
      by RFC 3920.
   Registrant Contact: IETF, XMPP Working Group, <xmppwg@jabber.org>

15.5.  XML Namespace Name for Stanza Errors

   A URN sub-namespace for stanza-related error data in the Extensible
   Messaging and Presence Protocol (XMPP) is defined as follows.  (This
   namespace name adheres to the format defined in [XML-REG].)

   URI: urn:ietf:params:xml:ns:xmpp-stanzas
   Specification: RFC 3920
   Description: This is the XML namespace name for stanza-related error
      data in the Extensible Messaging and Presence Protocol (XMPP) as
      defined by RFC 3920.
   Registrant Contact: IETF, XMPP Working Group, <xmppwg@jabber.org>

15.6.  Nodeprep Profile of Stringprep

   The Nodeprep profile of stringprep is defined under Nodeprep
   (Appendix A).  The IANA has registered Nodeprep in the stringprep
   profile registry.

   Name of this profile:

      Nodeprep

Top      Up      ToC       Page 71 
   RFC in which the profile is defined:

      RFC 3920

   Indicator whether or not this is the newest version of the profile:

      This is the first version of Nodeprep

15.7.  Resourceprep Profile of Stringprep

   The Resourceprep profile of stringprep is defined under Resourceprep
   (Appendix B).  The IANA has registered Resourceprep in the stringprep
   profile registry.

   Name of this profile:

      Resourceprep

   RFC in which the profile is defined:

      RFC 3920

   Indicator whether or not this is the newest version of the profile:

      This is the first version of Resourceprep

15.8.  GSSAPI Service Name

   The IANA has registered "xmpp" as a GSSAPI [GSS-API] service name, as
   defined under SASL Definition (Section 6.3).

15.9.  Port Numbers

   The IANA has registered "xmpp-client" and "xmpp-server" as keywords
   for [TCP] ports 5222 and 5269 respectively.

   These ports SHOULD be used for client-to-server and server-to-server
   communications respectively, but their use is OPTIONAL.

16.  References

16.1.  Normative References

   [ABNF]       Crocker, D. and P. Overell, "Augmented BNF for Syntax
                Specifications: ABNF", RFC 2234, November 1997.

   [BASE64]     Josefsson, S., "The Base16, Base32, and Base64 Data
                Encodings", RFC 3548, July 2003.

Top      Up      ToC       Page 72 
   [CHARSET]    Alvestrand, H., "IETF Policy on Character Sets and
                Languages", BCP 18, RFC 2277, January 1998.

   [DIGEST-MD5] Leach, P. and C. Newman, "Using Digest Authentication as
                a SASL Mechanism", RFC 2831, May 2000.

   [DNS]        Mockapetris, P., "Domain names - implementation and
                specification", STD 13, RFC 1035, November 1987.

   [GSS-API]    Linn, J., "Generic Security Service Application Program
                Interface Version 2, Update 1", RFC 2743, January 2000.

   [HTTP-TLS]   Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.

   [IDNA]       Faltstrom, P., Hoffman, P., and A. Costello,
                "Internationalizing Domain Names in Applications
                (IDNA)", RFC 3490, March 2003.

   [IPv6]       Hinden, R. and S. Deering, "Internet Protocol Version 6
                (IPv6) Addressing Architecture", RFC 3513, April 2003.

   [LANGTAGS]   Alvestrand, H., "Tags for the Identification of
                Languages", BCP 47, RFC 3066, January 2001.

   [NAMEPREP]   Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep
                Profile for Internationalized Domain Names (IDN)", RFC
                3491, March 2003.

   [RANDOM]     Eastlake 3rd, D., Crocker, S., and J. Schiller,
                "Randomness Recommendations for Security", RFC 1750,
                December 1994.

   [SASL]       Myers, J., "Simple Authentication and Security Layer
                (SASL)", RFC 2222, October 1997.

   [SRV]        Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
                specifying the location of services (DNS SRV)", RFC
                2782, February 2000.

   [STRINGPREP] Hoffman, P. and M. Blanchet, "Preparation of
                Internationalized Strings ("stringprep")", RFC 3454,
                December 2002.

   [TCP]        Postel, J., "Transmission Control Protocol", STD 7, RFC
                793, September 1981.

Top      Up      ToC       Page 73 
   [TERMS]      Bradner, S., "Key words for use in RFCs to Indicate
                Requirement Levels", BCP 14, RFC 2119, March 1997.

   [TLS]        Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
                RFC 2246, January 1999.

   [UCS2]       International Organization for Standardization,
                "Information Technology - Universal Multiple-octet coded
                Character Set (UCS) - Amendment 2: UCS Transformation
                Format 8 (UTF-8)", ISO Standard 10646-1 Addendum 2,
                October 1996.

   [UTF-8]      Yergeau, F., "UTF-8, a transformation format of ISO
                10646", STD 63, RFC 3629, November 2003.

   [X509]       Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
                X.509 Public Key Infrastructure Certificate and
                Certificate Revocation List (CRL) Profile", RFC 3280,
                April 2002.

   [XML]        Bray, T., Paoli, J., Sperberg-McQueen, C., and E. Maler,
                "Extensible Markup Language (XML) 1.0 (2nd ed)", W3C
                REC-xml, October 2000, <http://www.w3.org/TR/REC-xml>.

   [XML-NAMES]  Bray, T., Hollander, D., and A. Layman, "Namespaces in
                XML", W3C REC-xml-names, January 1999,
                <http://www.w3.org/TR/REC-xml-names>.

16.2.  Informative References

   [ACAP]       Newman, C. and J. Myers, "ACAP -- Application
                Configuration Access Protocol", RFC 2244, November 1997.

   [ASN.1]      CCITT, "Recommendation X.208: Specification of Abstract
                Syntax Notation One (ASN.1)", 1988.

   [DNSSEC]     Eastlake 3rd, D., "Domain Name System Security
                Extensions", RFC 2535, March 1999.

   [HTTP]       Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
                Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
                Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

   [IMAP]       Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
                4rev1", RFC 3501, March 2003.

Top      Up      ToC       Page 74 
   [IMP-REQS]   Day, M., Aggarwal, S., Mohr, G., and J. Vincent,
                "Instant Messaging / Presence Protocol Requirements",
                RFC 2779, February 2000.

   [IRC]        Oikarinen, J. and D. Reed, "Internet Relay Chat
                Protocol", RFC 1459, May 1993.

   [JEP-0029]   Kaes, C., "Definition of Jabber Identifiers (JIDs)", JSF
                JEP 0029, October 2003.

   [JEP-0078]   Saint-Andre, P., "Non-SASL Authentication", JSF JEP
                0078, July 2004.

   [JEP-0086]   Norris, R. and P. Saint-Andre, "Error Condition
                Mappings", JSF JEP 0086, February 2004.

   [JSF]        Jabber Software Foundation, "Jabber Software
                Foundation", <http://www.jabber.org/>.

   [POP3]       Myers, J. and M. Rose, "Post Office Protocol - Version
                3", STD 53, RFC 1939, May 1996.

   [SIMPLE]     SIMPLE Working Group, "SIMPLE WG",
                <http://www.ietf.org/html.charters/simple-charter.html>.

   [SMTP]       Klensin, J., "Simple Mail Transfer Protocol", RFC 2821,
                April 2001.

   [URI]        Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
                Resource Identifiers (URI): Generic Syntax", RFC 2396,
                August 1998.

   [USINGTLS]   Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC
                2595, June 1999.

   [XML-REG]    Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
                January 2004.

   [XMPP-IM]    Saint-Andre, P., Ed., "Extensible Messaging and Presence
                Protocol (XMPP): Instant Messaging and Presence", RFC
                3921, October 2004.


Next RFC Part