[Standards] Re: [jdev] XEP-0115: Entity Capabilities
Ian Paterson
ian.paterson at clientside.co.uk
Wed Jul 4 06:35:46 CDT 2007
Hi Dave :-)
Dave Cridland wrote:
> The scenario you mentioned above becomes significantly more difficult
> with ext in play, especially if predefined sets are the norm.
'ext' and pre-defined sets only improve security if the choice of a
"weak" hash makes pre-image attacks "possible". So why don't we make
things easier for everyone and simply recommend a stronger hash instead?
> I agree that this is additional cost in terms of complexity, and I'd
> probably argue against it if it weren't mostly in place already.
Yes, several clients (but not all) have this in place. However, I
sincerely hope and expect that the number of XMPP clients that will be
developed in the future will be many times the number in existance
today. It is far easier for the developers of existing clients to remove
support for 'ext' than it will be for the developers of new clients to
code support for 'ext'. The more simple we can make XEP-0115 (or any
other protocol) the easier it will be to attract new developers to XMPP.
- Ian
More information about the Standards
mailing list