[standards-jig] auth & reg redux

Peter Saint-Andre stpeter at jabber.org
Fri May 30 16:48:20 UTC 2003


Hmm, further questions arise.

1. Should these JEPs remain standards-track? We made them
   standards-track so that we could include them in our protocol 
   compliance testing suite (JEP-0073). Is that reasoning still
   valid? I think so, but I'm not 100% sure now.

2. It seems odd to advance a protocol to Draft when we know that it
   will be deprecated and then made obsolete on a fairly well-known
   schedule.

My feeling is that we make these standards-track, with a review every
six months to determine if they should be deprecated. But I'm open to 
argument.

Peter 

On Fri, May 30, 2003 at 11:33:06AM -0500, Peter Saint-Andre wrote:
> So it seems like this "esecret" and "edigest" stuff was premature. I'm
> going to remove that content from JEPs 77 and 78 respectively. I'm also
> going to add information about deprecating these protocols. Well, at
> least for jabber:iq:auth. Any thoughts on deprecating jabber:iq:register
> as well? It does seem woefully insecure, so my feeling is that we would
> do best to put both of these protocols on a schedule for review and 
> potential deprecation by the Council -- every six months seems to be 
> about right.



More information about the Standards mailing list