[Standards] XEP-0115 redux

Tue Jan 15 12:35:48 CST 2008

Rachel Blackman wrote:
>>> 8.5 Friendly Name
>>>
>>> The 'name' attribute of the service discovery <identity/> element 
>>> enables a responding application to specify the "friendly name" for 
>>> its node. However, this attribute is excluded from the hash 
>>> generation method, primarily because it is human-readable text and 
>>> therefore may be provided in different localized versions. As a 
>>> result, its inclusion would needlessly multiply the number of 
>>> possible hash values and thus the time and resources required to 
>>> validate values of the 'ver' attribute. However, a receiving 
>>> application MAY send a service discovery information request to a 
>>> particularly JID+node combination in order to determine the friendly 
>>> name, then cache the result for that JID+node only.
>>
>> Gr.  Having email issues this morning.  This is a reply to Kevin's 
>> desire for new text.
>>
>> <suggestion>
>> However, a receiving application MAY send a service discovery 
>> information request to a particularly JID+node combination in order to 
>> determine the friendly name, but if it does so then it MUST cache the 
>> result for that JID+node combination.
>> </suggestion>
>>
>> I really wanted to cache just based on the node, but "there's an 
>> attack!" for people poisoning others' client names.  I don't think 
>> that's really a concern, but perhaps that is over-practical.
> 
> I think caching based on JID+node kind of misses the point, since you'll 
> then end up still with a flood of disco requests for any client where 
> the users want the client version information.  

Yeah, that's bad.

> As was noted in one of 
> the previous rounds of XEP-0115 discussion, many users get up-in-arms 
> about not being able to see that information.  Hence the iq:version 
> floods of old.  Correct me if I'm wrong, but didn't someone mention 
> earlier in the thread specifically that when they took out version 
> queries from a client in particular (I want to say it was Kevin talking 
> about Psi), users howled bloody murder?

Yep.

> If we can only store the friendly name on a per-JID basis, then I would 
> be willing to lay down money that user-demanded features will once again 
> effectively have a 'flood' of discovery requests of some form, in order 
> to have a friendly name to display.

Well we left the friendly name out of the last version of the spec, but 
if including it helps to prevent iq:version floods then I think it's 
worth considering. Because that is simply evil.

Naturally, if we include the friendly name (which BTW might be localized 
etc. etc.) then we lose re-usability of caps across different clients. 
Is that important?

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/standards/attachments/20080115/795ad94d/attachment-0001.bin 