22 Mar
2024
22 Mar
'24
8:46 a.m.
On 18/03/2024 09.59, Daniel Gultsch wrote:
This message constitutes notice of a Last Call for
comments on
XEP-0386.
Title: Bind 2
Abstract:
This specification provides a single-request replacement for several
activities an XMPP client needs to do at startup.
URL: https://xmpp.org/extensions/xep-0386.html
This Last Call begins today and shall end at the close of business on
2024-04-01.
Please consider the following questions during this Last Call and send
your feedback to the standards(a)xmpp.org discussion list:
1. Is this specification needed to fill gaps in the XMPP protocol
stack or to clarify an existing protocol?
Yes.
2. Does the specification solve the problem stated in
the introduction
and requirements?
Yes.
3. Do you plan to implement this specification in your
code? If not,
why not?
No immediate plans, due the lack of resources on my end. However, it is
consensus that SASL2 and Bind2 are the frontier of current XMPP
stream/session establishment and hence are, or at least will become,
highly relevant. And the fundamental design of both is solid and
incorporates our experience with the current design.
4. Do you have any security concerns related to this
specification?
No major concerns. However, I wonder if stable resource identifiers are
a sensible concept security wise. It seems sensible to be able to
restrict direct access to an end-device via unstable resource identifiers.
5. Is the specification accurate and clearly written?
Just some small remarks:
- § 6. Superfluous '.' at the end of the sentence.
- Mentions of XEPs within the document should be linked references.
Thanks for working on Bind2.
- Florian