[standards-jig] Small Footprint Clients and Authentication

Evan Prodromou evan at prodromou.san-francisco.ca.us
Fri May 30 17:24:56 UTC 2003


>>>>> "MT" == Matt Tucker <matt at jivesoftware.com> writes:

    MT> Evan and all, Is it a bit overkill to argue that all of our
    MT> standards efforts should be based on the capabilities of small
    MT> device clients? They are certainly important, but my bet is
    MT> that they will make up a very small percentage of overall XMPP
    MT> usage.

Matt,

I can definitely see your point. It makes a lot of sense to push
implementers towards better security practices within the XMPP
spec. And, yet, the DIGEST-MD5 and TLS requirements are a burden on
embedded device implementations.

It's a tough decision, and I don't have the answer, but it should at
least be highlighted.

    MT> If we change all wording to SHOULD in the spec, then we
    MT> don't have much of a spec and nobody can depend on
    MT> anything.

Oh, definitely. I'm not asking that all MUSTs should be changed to
SHOULDs -- just the ones I don't like. B-)

    MT> As an alternative to eroding the SASL requirements -- what if
    MT> we were to create a special mobile device spec that relaxed
    MT> some of the requirements in the standard protocol?  Mobile
    MT> devices could then conform to this spec and still be labeled
    MT> as "compliant".

I think that there's an exception for SASL authentication and TLS in
the Jabber IM Basic 1.0 spec already. With that in place, it seems
like a small, tight embedded implementation would still be able to be
"Jabber".

~ESP

-- 
Evan Prodromou
evan at prodromou.san-francisco.ca.us






More information about the Standards mailing list