From: Simon McVittie Date: Thu, 12 Apr 2018 12:59:43 +0000 (+0100) Subject: spec: Describe the security properties of nonce-tcp in terms of tcp X-Git-Tag: dbus-1.13.4~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fc89fb1f8cefca27e75c405f7fcd26622bad6c3;p=thirdparty%2Fdbus.git spec: Describe the security properties of nonce-tcp in terms of tcp Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004 Signed-off-by: Simon McVittie Reviewed-by: Ralf Habacker Reviewed-by: Philip Withnall --- diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml index 6ed317ff6..fc6bb1701 100644 --- a/doc/dbus-specification.xml +++ b/doc/dbus-specification.xml @@ -3809,6 +3809,32 @@ the higher-level authentication mechanisms described in the Authentication section. + + The nonce-tcp transport is conceptually similar to a combination + of the DBUS_COOKIE_SHA1 + authentication mechanism and the + tcp transport, + and appears to have originally been implemented as a result of + a misunderstanding of the SASL authentication mechanisms. + + + Like the ordinary tcp transport, the nonce-tcp transport has no + integrity or confidentiality protection, so it should normally + only be used across the local loopback interface, for example + using an address like tcp:host=127.0.0.1 or + tcp:host=localhost. Other uses are insecure. + See for more + information on situations where these transports have been used, + and alternatives to these transports. + + + Implementations of D-Bus on Windows operating systems normally + use a nonce-tcp transport via the local loopback interface. + This is because the + unix + transport, which would otherwise be recommended, is not + available on these operating systems. + On start, the server generates a random 16 byte nonce and writes it
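Review bot: In the second added paragraph, the loopback examples are written with the tcp: prefix (tcp:host=127.0.0.1, tcp:host=localhost) even though the paragraph is in the nonce-tcp section and describes how nonce-tcp should be used. Consider giving the examples with the nonce-tcp: prefix, or saying explicitly that the same host values apply to both transports, so the text is not read as advice to switch to plain tcp. The localhost example also depends on how that name resolves on the machine, so the literal 127.0.0.1 is the safer one to lead with. Separately, the first paragraph's remark that the transport "appears to have originally been implemented as a result of a misunderstanding of the SASL authentication mechanisms" is project history rather than specification; it may fit better in a note or in the commit message.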