[standards-jig] No Subject....

Iain Shigeoka iainshigeoka at yahoo.com
Mon Feb 4 19:57:58 UTC 2002


On 2/1/02 4:12 PM, "Mike Lin" <mikelin at MIT.EDU> wrote:

>> I disagree.  If we can isolate errors to frames, the behavior of error
>> response (esp to malformed XML) can be changed dramatically.  Errors within
>> a frame don't need to invalidate the session as they do now.  I also don't
>> like the implication that the server will still need to parse the XML in a
>> frame.  I don't think this is necessarily true if the framing is designed
>> properly.
> 
> While we are building Jabber on top of TCP, any misframe is likely in
> the extreme to be the result of either obvious programmer error or
> malicious attack. In either case I think it is acceptable in the near
> term for this to be a session-ending error.

Agreed.  Well tentatively.  :)  Consider someone using an HTML formatter
that uses <br> rather than the XML compliant <br/> in marked up messages
(xhtml-basic).  If we follow Postel's robustness principle ("be conservative
in what you send, liberal in what you accept") it would be nice to accept
this malformed XML within a message packet and do a best attempt at
rendering the message content rather than booting the client without a
by-your-leave.

> So long as this is true, all endpoints must verify the well-formedness
> (or "well-balancedness" to be completely correct) of payload content.
> There is not really any way around this, but it is at least not as
> difficult as building a full DOM.

True.  Although I still think it would be really nice to allow the less
strict basic HTML into message packets without worrying about creating
malformed XML.  Also, with Jabber refusing many XML features like processing
instructions I question exactly where Jabber streams really fall into the
standard compliance landscape...

> I will at this point again note that JEP-0017 is a near-term,
> backwards-compatible solution. We are trying to take small steps in
> order to learn about the big ones (JNG).

Yes.  Hence, I have moved the discussion of JNG to another thread.  With
regard to JEP 0017, I think our original discussion still stands: there are
difficult problems here and it may just not be worth addressing without a
willingness to consider alternatives to Jabber's "pure XML" approach...
Will a stopgap XML framing effort pay off and be adopted?

-iain


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com




More information about the Standards mailing list