[Standards] certification etc.
Peter Saint-Andre
stpeter at jabber.org
Tue Mar 27 15:08:30 CDT 2007
Boyd Fletcher wrote:
> On 3/26/07 6:18 PM, "Peter Saint-Andre" <stpeter at jabber.org> wrote:
>
>> Ralph Meijer wrote:
>>> On Thu, 2007-03-22 at 18:25 -0400, Fletcher, Boyd C. CIV US USJFCOM JFL
>>> J9935 wrote:
>>>> I think stream compression should be required for the immediate suite and
>>>> File Transfer should be moved to an advanced or a media suite. Many
>>>> corporate and government folks have serious issues with allowing file
>>>> transfer over their collaboration systems because its hard to ensure that
>>>> the files being transferred have been properly scanned for malicious content
>>>> like viruses, trojans, worms, etc...
>>> That products are certified to a certain suite doesn't mean that
>>> deployments should enable/allow certain features...
>>>
>> Right.
>>
>> Compliance, certification, and the requirement levels in our protocol
>> specs are all about what gets implemented in software. How the software
>> is deployed is a matter of local service policy.
>>
>> Peter
>
> so does anyone have an objection with making stream compression
> required for the intermediate suite?
There are several ways to look at these suites.
One is that Basic defines things that are fundamental -- so far, that
means stream-level stuff and service discovery. It seems to me that
stream compression is a stream-level feature and thus it belongs in the
Basic suite. Naturally you can do stream compression via TLS if it is
supported in your SSL library. So it is preferred to handle stream
compression that way. If your SSL library doesn't support the TLS bit
for stream compression, file a bug report. The spec we defined for
stream compression is for use when TLS-level compression is not
available for whatever reason. So while it's a stream-level feature I
think we would not make it REQUIRED (there are better ways to do that).
But making it RECOMMENDED in Basic for a while might make sense,
depending on the state of the SSL libraries out there. So: do the
existing SSL libraries support TLS-level compression? If not, when will
they?
Peter
--
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/standards/attachments/20070327/d71f2464/smime-0001.bin
More information about the Standards
mailing list