On 3/10/24 9:18 AM, Daniel Gultsch wrote:
This message constitutes notice of a Last Call for comments on
XEP-0360.
Title: Nonzas (are not Stanzas)
Abstract:
This specification defines the term "Nonza", describing every top
level stream element that is not a Stanza.
URL: https://xmpp.org/extensions/xep-0360.html
This Last Call begins today and shall end at the close of business on
2024-03-25.
Please consider the following questions during this Last Call and send
your feedback to the standards(a)xmpp.org discussion list:
1. Is this specification needed to fill gaps in the XMPP protocol
stack or to clarify an existing protocol?
I think this spec does a good job of clarifying the use of top-level
elements other than message, iq, and presence.
2. Does the specification solve the problem stated in the introduction
and requirements?
Yes.
3. Do you plan to implement this specification in your code? If not,
why not?
N/A
4. Do you have any security concerns related to this specification?
Maybe. See below.
5. Is the specification accurate and clearly written?
In Section 4, I suggest a tweak to the following sentence:
OLD
Nonzas are commonly used when it is not necessary to route the exchanged
information behind the endpoints of an XMPP stream.
NEW
Nonzas are commonly used to exchange information between, but not
beyond, the endpoints of an XMPP stream (e.g., between a client and its
server).
In Section 5, business rule #2 states:
"Nonzas SHOULD NOT have a 'from' or 'to' attribute."
I have a few questions:
- When is it sensible to make an exception to this SHOULD NOT?
- How should the 'from' and especially 'to' attributes be handled in the
light of RFC 6120 §4.7?
- Could the use of these attributes introduce security issues?
- Would it be better to say MUST NOT here?
Peter
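
The stanza/nonza distinction and business rule #2 discussed in this message, as an added example that is not part of the original e-mail or of XEP-0360: a small Python audit that classifies each top-level stream element and reports nonzas carrying 'from' or 'to'. The `urn:example:nonza` namespace, its `ping` element and the sample stream are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# RFC 6120: stanzas are message, presence and iq qualified by the
# 'jabber:client' or 'jabber:server' namespace. Any other top-level
# stream element is a nonza in XEP-0360's terminology.
STANZA_NAMESPACES = {"jabber:client", "jabber:server"}
STANZA_NAMES = {"message", "presence", "iq"}


def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def audit_stream(stream_xml):
    """Return (kind, local_name, namespace, addressing_attrs) per top-level element."""
    root = ET.fromstring(stream_xml)
    findings = []
    for child in root:
        ns, local = split_tag(child.tag)
        is_stanza = ns in STANZA_NAMESPACES and local in STANZA_NAMES
        kind = "stanza" if is_stanza else "nonza"
        # Only nonzas are checked against business rule #2; stanzas
        # legitimately carry 'from' and 'to'.
        addressing = [] if is_stanza else sorted(
            a for a in ("from", "to") if a in child.attrib)
        findings.append((kind, local, ns, addressing))
    return findings


# Constructed sample: a closed stream so that it parses as one document.
# The 'ping' nonza and its addressing attributes are hypothetical.
SAMPLE = """<stream:stream xmlns='jabber:client'
    xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
  <stream:features/>
  <r xmlns='urn:xmpp:sm:3'/>
  <message to='juliet@example.com' type='chat'><body>hi</body></message>
  <ping xmlns='urn:example:nonza' from='a.example' to='b.example'/>
</stream:stream>"""

if __name__ == "__main__":
    for kind, local, ns, addressing in audit_stream(SAMPLE):
        note = f"  <-- carries {addressing}" if addressing else ""
        print(f"{kind:6} <{local} xmlns='{ns}'>{note}")
```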