[standards-jig] No Subject....

Mike Lin mikelin at MIT.EDU
Sat Feb 2 00:12:31 UTC 2002


> I disagree.  If we can isolate errors to frames, the behavior of error
> response (esp to malformed XML) can be changed dramatically.  Errors within
> a frame don't need to invalidate the session as they do now.  I also don't
> like the implication that the server will still need to parse the XML in a
> frame.  I don't think this is necessarily true if the framing is designed
> properly.

While we are building Jabber on top of TCP, any misframe is likely in
the extreme to be the result of either obvious programmer error or
malicious attack. In either case I think it is acceptable in the near
term for this to be a session-ending error.

So long as this is true, all endpoints must verify the well-formedness
(or "well-balancedness" to be completely correct) of payload content.
There is not really any way around this, but it is at least not as
difficult as building a full DOM.

I will at this point again note that JEP-0017 is a near-term,
backwards-compatible solution. We are trying to take small steps in
order to learn about the big ones (JNG).

-Mike




More information about the Standards mailing list