[Security] [jdev] Spoofing of iq ids and misbehaving servers

Philipp Hancke fippo at goodadvice.pages.de
Mon Feb 3 09:13:37 UTC 2014


> It wasn't a complain, I've just explained why servers do behave different 
> than the current RFC says. I had the impression several people seem to not 
> know that there was a quiet different RFC before 6120 and most servers were 
> created long time ago.

Sure. But RFC 3920 has been obsoleted by RFC 6120, so if you still want to 
call yourself an XMPP server you'd better implement 6120.

But yeah, that's one of the reasons we should update the compliance 
suites. We actually have XEP-0302 doing that, but it never moved to draft 
for some reason.


More information about the Security mailing list