From 996c61c7ff29b4b3bf6c8e7b32663c020243d81a Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Thu, 12 Apr 2018 13:54:46 +0100
Subject: [PATCH 2/9] spec: Don't claim that the nonce-tcp transport is
 "secured"

Like the normal TCP transport, it has no confidentiality or integrity
protection. The only difference is that it adds an extra layer of
authentication.

However, this extra authentication is easily defeated if an attacker
could be eavesdropping on the link between client and server (unlike
DBUS_COOKIE_SHA1, which for all its flaws does at least protect the
confidentiality of the magic cookie).

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 doc/dbus-specification.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml
index 14fac9ee..b79d9ae3 100644
--- a/doc/dbus-specification.xml
+++ b/doc/dbus-specification.xml
@@ -3785,8 +3785,8 @@
     <sect2 id="transports-nonce-tcp-sockets">
       <title>Nonce-secured TCP Sockets</title>
       <para>
-        The nonce-tcp transport provides a secured TCP transport, using a
-        simple authentication mechanism to ensure that only clients with read
+        The nonce-tcp transport provides a modified TCP transport using a
+        simple authentication mechanism, to ensure that only clients with read
         access to a certain location in the filesystem can connect to the server.
         The server writes a secret, the nonce, to a file and an incoming client
         connection is only accepted if the client sends the nonce right after
@@ -3805,13 +3805,13 @@
         read bytes do not match the nonce stored in the nonce file, the
         server MUST immediately drop the connection.
         If the nonce match the received byte sequence, the client is accepted
-        and the transport behaves like an unsecured tcp transport.
+        and the transport behaves like an ordinary tcp transport.
       </para>
       <para>
         After a successful connect to the server socket, the client MUST read
         the nonce from the file published by the server via the noncefile=
         key-value pair and send it over the socket. After that, the
-        transport behaves like an unsecured tcp transport.
+        transport behaves like an ordinary tcp transport.
       </para>
       <para>
         All nonce-tcp addresses are listenable. nonce-tcp addresses in which
-- 
2.17.0