[Security] [jdev] Spoofing of iq ids and misbehaving servers
holler at ahsoftware.de
Mon Feb 3 09:44:15 UTC 2014
On 03.02.2014 10:13, Philipp Hancke wrote:
>> It wasn't a complaint, I've just explained why servers do behave
>> differently than the current RFC says. I had the impression several
>> people seem to not know that there was a quite different RFC before
>> 6120 and most servers were created a long time ago.
> Sure. But RFC 3920 has been obsoleted by RFC 6120, so if you still want
> to call yourself an XMPP server you'd better implement 6120.
The server I've written isn't of interest (here) and never was my topic.
> But yeah, that's one of the reasons we should update the compliance
> suites. We actually have XEP-0302 doing that, but it never moved to
> draft for some reason.
Sounds like a good idea. According to the list of misbehaving servers
from Thijs Alkemade there currently aren't that many servers around
which are able to call themselves XMPP-servers, and I suggest making them
aware of that.
I've just explained a reason for the current state (because no one else
did) and it only earned me flames.