XEP-xxxx: Stanza Size Limits

This document specifies an XMPP protocol extension for limiting the size of stanzas that an entity would like to receive from a server.


WARNING: This document has not yet been accepted for consideration or approved in any official manner by the XMPP Standards Foundation, and this document must not be referred to as an XMPP Extension Protocol (XEP). If this document is accepted as a XEP by the XMPP Council, it will be published at <http://www.xmpp.org/extensions/> and announced on the <standards@xmpp.org> mailing list.


Document Information

Series: XEP
Number: xxxx
Publisher: XMPP Standards Foundation
Status: ProtoXEP
Type: Standards Track
Version: 0.0.2
Last Updated: 2007-08-30
Approving Body: XMPP Council
Dependencies: XMPP Core
Supersedes: None
Superseded By: None
Short Name: NOT YET ASSIGNED

Author Information

Peter Saint-Andre

Email: stpeter@jabber.org
JabberID: stpeter@jabber.org

Legal Notice

This XMPP Extension Protocol is copyright 1999 - 2007 by the XMPP Standards Foundation (XSF) and is in full conformance with the XSF's Intellectual Property Rights Policy <http://www.xmpp.org/extensions/ipr-policy.shtml>. This material may be distributed only subject to the terms and conditions set forth in the Creative Commons Attribution License (<http://creativecommons.org/licenses/by/2.5/>).

Discussion Venue

The preferred venue for discussion of this document is the Standards discussion list: <http://mail.jabber.org/mailman/listinfo/standards>.

Relation to XMPP

The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 3920) and XMPP IM (RFC 3921) specifications contributed by the XMPP Standards Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.

Conformance Terms

The following keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".


Table of Contents


1. Introduction
2. Error Handling
3. Requesting a Stanza Size Limit
4. Determining Support
5. Implementation Notes
6. Security Considerations
7. IANA Considerations
8. XMPP Registrar Considerations
    8.1. Protocol Namespaces
    8.2. Application-Specific Errors
9. XML Schema
    9.1. Limit Namespace
    9.2. Error Namespace
Notes
Revision History


1. Introduction

XMPP Core [1] does not specify a hardcoded limit on the size of XMPP stanzas. However, many XMPP servers enable the server administrator to configure a stanza size limit in order to prevent abuse of the service. Currently there is no way for a deployed server to inform senders of its stanza size limit (e.g., in an error message) or for a connected entity to request a particular limit (e.g., because the entity is on a bandwidth-constrained connection). This document specifies protocols for both of these features.

2. Error Handling

If a connected entity (client or server) attempts to send a stanza that exceeds the server's configured stanza size limit, the server SHOULD return a stanza error. The stanza error MUST be <not-acceptable/> and the stanza SHOULD include an application-specific error condition of <stanza-too-big/>. The <stanza-too-big/> element SHOULD include XML character data consisting of a positive integer that specifies the size (in bytes) of the server's configured stanza size limit.

Example 1. Stanza Error

<message type='error'>
  <error type='modify'>
    <not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
    <stanza-too-big xmlns='http://jabber.org/protocol/errors'>100000</stanza-too-big>
  </error>
</message>
  

If the server generates a stanza error, it MUST discard (i.e., not process) the offending stanza but maintain the connected entity's stream so that it can continue sending smaller stanzas (subject to rate limiting and other relevant service provisioning).

Upon being so informed of the stanza limit violation, a connected entity that understands the <stanza-too-big/> error condition MUST store the communicated limit and MUST NOT send further stanzas that exceed the limit; the connected entity MAY also attempt to resend the offending stanza after truncating it, breaking it into smaller chunks (e.g., using In-Band Bytestreams [2]), or converting it into a file and attempting to complete a file transfer using supported technologies.

However, if the sender has sent an egregiously large stanza or if the sender repeatedly attempts to send large stanzas, the server MAY generate a stream error and terminate the connected entity's XML stream (rather than sending a stanza error); the stream error condition SHOULD be <policy-violation/> and the stream error MAY include an application-specific error condition of <stanza-too-big/>.

Example 2. Stream Error

<stream:error>
  <policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
  <stanza-too-big xmlns='http://jabber.org/protocol/errors'>100000</stanza-too-big>
</stream:error>

</stream:stream>
  

3. Requesting a Stanza Size Limit

A connected entity can request a limit on incoming stanzas by sending an IQ stanza to the server containing a <limit/> element qualified by the 'http://www.xmpp.org/extensions/xep-xxxx.html#ns' namespace (see Protocol Namespaces regarding issuance of one or more permanent namespaces), where the XML character data of the <limit/> element consists of a positive integer that specifies the size (in bytes) of the desired stanza size limit.

Example 3. Requesting a Limit

<iq from='bard@shakespeare.lit/globe'
    id='limit_1'
    to='shakespeare.lit'
    type='set'>
  <limit xmlns='http://www.xmpp.org/extensions/xep-xxxx.html#ns'>65536</limit>
</iq>
  

If the desired stanza size limit exceeds the server's configured maximum limit, it MUST return a <not-acceptable/> error, including an application-specific error of <max/> whose XML character data specifies the largest allowable stanza size limit.

Example 4. Desired Limit Too Large

<iq from='bard@shakespeare.lit/globe'
    id='limit_1'
    to='shakespeare.lit'
    type='error'>
  <limit xmlns='http://www.xmpp.org/extensions/xep-xxxx.html#ns'>500000</limit>
  <error type='modify'>
    <not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
    <max xmlns='http://www.xmpp.org/extensions/xep-xxxx.html#ns-errors'>65536</limit>
  </error>
</iq>
  

If the desired stanza size limit is smaller than the server's configured minimum limit, it MUST return a <not-acceptable/> error, including an application-specific error of <min/> whose XML character data specifies the smallest allowable stanza size limit.

Example 5. Desired Limit Too Small

<iq from='bard@shakespeare.lit/globe'
    id='limit_1'
    to='shakespeare.lit'
    type='error'>
  <limit xmlns='http://www.xmpp.org/extensions/xep-xxxx.html#ns'>100</limit>
  <error type='modify'>
    <not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
    <min xmlns='http://www.xmpp.org/extensions/xep-xxxx.html#ns-errors'>1000</limit>
  </error>
</iq>
  

If no other error condition applies and the server can set the entity's desired stanza size limit, it MUST return an IQ result.

Example 6. Limit Accepted

<iq from='shakespeare.lit' 
    id='limit_1' 
    to='bard@shakespeare.lit/globe' 
    type='result'/>
  

If the server accepts the stanza size limit, it MUST NOT deliver inbound stanzas to the connected entity that exceed the limit.

4. Determining Support

If a server supports the ability for a connected client or server to set a size limit on nincoming stanzas, it SHOULD return a feature of "http://www.xmpp.org/extensions/xep-xxxx.html#ns" (see Protocol Namespaces regarding issuance of one or more permanent namespaces) in response to Service Discovery [3] information requests.

Example 7. Service Discovery Information Request

<iq from='bard@shakespeare.lit/globe' id='disco_1' to='shakespeare.lit' type='get'>
  <query xmlns='http://jabber.org/protocol/disco#info'/>
</iq>
  

Example 8. Service Discovery Information Reply

<iq from='shakespeare.lit' id='disco_1' to='bard@shakespeare.lit/globe' type='get'>
  <query xmlns='http://jabber.org/protocol/disco#info'/>
</iq>
  

5. Implementation Notes

Existing server implementations tend to limit only stanzas that are sent from a connected entity to either another connected entity on the local domain or an entity at a foreign domain; that is, stanzas exchanged between the server and the connected entity (e.g., XMPP rosters) tend to be exempt from the stanza size limit. Whether a given server implementation emulates that behavior is up to the implementation.

6. Security Considerations

If a server communicates its stanza size limit, malicious entities could use that information to send a large number of stanzas that are just below the limit as a way to launch a denial of service attack. However, server implementations presumably have other ways of dealing with this problem (e.g., limiting the number of stanzas that a connected entity may send in any given time period).

7. IANA Considerations

This document requires no interaction with the Internet Assigned Numbers Authority (IANA) [4].

8. XMPP Registrar Considerations

8.1 Protocol Namespaces

Until this specification advances to a status of Draft, its associated namespace shall be "http://www.xmpp.org/extensions/xep-xxxx.html#ns"; upon advancement of this specification, the XMPP Registrar [5] shall issue a permanent namespace in accordance with the process defined in Section 4 of XMPP Registrar Function [6].

8.2 Application-Specific Errors

The XMPP Registrar shall add <resource-limit-exceeded/> to its registry of application-specific error conditions (see <http://www.xmpp.org/registrar/errors.html>), where the element is qualified by the 'http://jabber.org/protocol/errors' namespace.

The registry submission is as follows:

<condition>
  <ns>http://jabber.org/protocol/errors</ns>
  <element>stanza-too-big</element>
  <desc>the sending entity has attempted to send a stanza that exceeds the server's stanza size limit</desc>
  <doc>XEP-xxxx</doc>
</condition>
    

9. XML Schema

9.1 Limit Namespace

<?xml version='1.0' encoding='UTF-8'?>

<xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='http://www.xmpp.org/extensions/xep-xxxx.html#ns'
    xmlns='http://www.xmpp.org/extensions/xep-xxxx.html#ns'
    elementFormDefault='qualified'>

  <xs:element name='limit' type='xs:positiveInteger'/>

</xs:schema>
    

9.2 Error Namespace

<?xml version='1.0' encoding='UTF-8'?>

<xs:schema
    xmlns:xs='http://www.w3.org/2001/XMLSchema'
    targetNamespace='http://jabber.org/protocol/errors'
    xmlns='http://jabber.org/protocol/errors'
    elementFormDefault='qualified'>

  <xs:element name='stanza-too-big' type='xs:positiveInteger'/>

</xs:schema>
    

Notes

1. RFC 3920: Extensible Messaging and Presence Protocol (XMPP): Core <http://tools.ietf.org/html/rfc3920>.

2. XEP-0047: In-Band Bytestreams <http://www.xmpp.org/extensions/xep-0047.html>.

3. XEP-0030: Service Discovery <http://www.xmpp.org/extensions/xep-0030.html>.

4. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols, such as port numbers and URI schemes. For further information, see <http://www.iana.org/>.

5. The XMPP Registrar maintains a list of reserved protocol namespaces as well as registries of parameters used in the context of XMPP extension protocols approved by the XMPP Standards Foundation. For further information, see <http://www.xmpp.org/registrar/>.

6. XEP-0053: XMPP Registrar Function <http://www.xmpp.org/extensions/xep-0053.html>.


Revision History

Version 0.0.2 (2007-08-30)

Further specified client and server behavior as well as protocol flows for error cases; added implementation notes.

(psa)

Version 0.0.1 (2007-08-01)

First draft.

(psa)

END