[Security] [jdev] Spoofing of iq ids and misbehaving servers
fippo at goodadvice.pages.de
Mon Feb 3 09:13:37 UTC 2014
> It wasn't a complain, I've just explained why servers do behave different
> than the current RFC says. I had the impression several people seem to not
> know that there was a quiet different RFC before 6120 and most servers were
> created long time ago.
Sure. But RFC 3920 has been obsoleted by RFC 6120, so if you still want to
call yourself an XMPP server you'd better implement 6120.
But yeah, that's one of the reasons we should update the compliance
suites. We actually have XEP-0302 doing that, but it never moved to draft
for some reason.
More information about the Security