[Council] ping

Peter Saint-Andre stpeter at jabber.org
Fri Jun 13 12:53:52 CDT 2003


On Fri, Jun 13, 2003 at 11:16:40AM -0600, Joe Hildebrand wrote:
> "If the entity is already registered, the IQ result MUST NOT contain
> instructions and empty registration fields; "
> 
> Can this at least be weakened to a SHOULD NOT, if not removed altogether?
> It makes the client-writers job hard, since you still have to show this to a
> user.

Yeah, sorry, that should've been SHOULD.

> 3.2, there are other error cases
>  -removing an unknown user
>  -unauthorized.

True, I'll add those.

> There should probably be a thing that says that re-setting the password for
> an existing account (one with <registered/>) SHOULD NOT have an effect.

Sure, that falls out of the "already registered" case.

> That's an iq:auth thing.
>
> Oh...  That needs to be in 0078, too.  Sigh.  That probably futzes with the
> SHOULD NOT's for plaintext.

Yes, that's a separate use case in 78. I'll add that. You should only
change the password if the channel is encrypted, and a server may choose
to ignore password changes that are sent if the channel is not encrypted
(subject to service provisioning rules blah blah blah).

Peter




More information about the Council mailing list