[Standards-JIG] JEPS-0096 need for metadata extentions

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Fri Jun 4 20:34:12 UTC 2004


Or the server could simply insert the namespaced element directly, just like 
any other extension.  No need for a <metadata> element.

Regarding forging of the stamp, the server could refuse to accept a file 
transfer iq-set that contains the <viruscheck> element, since that would be 
an obvious forgery.

I imagine the system would work like this: server auto-accepts file transfer, 
stores it to disk, does a virus check, then turns around and does a file 
transfer request to the recipient (simulating it as coming from the original 
sender, ie with proper 'from' address).  This request would contain the 
<viruscheck> element, and when the recipient accepts, the file would actually 
be received from the server.

Provided that the recipient has a secure path to the server, this should be 
safe.

-Justin

On Friday 04 June 2004 10:40 am, Peter Saint-Andre wrote:
> Aside from David's point, you could do this with SHIM:
>
> http://www.jabber.org/jeps/jep-0131.html
>
> Peter
>
> On Fri, Jun 04, 2004 at 08:47:21AM -0600, David Waite wrote:
> > I don't quite understand what this stamp is meant to mean. Could not a
> > malicious user or virus generate an identical stamp?
> >
> > -David Waite
> >
> > On Jun 4, 2004, at 5:58 AM, christian.stange wrote:
> > >In developing services over jabber file transfer, I ve stumbled over a
> > >small problem.
> > >
> > >My intention is to provide virus scan on all files that goes trough my
> > >server. I think I've managed to find a way to do this. But after doing
> > >this, I wish to provide metadata that says I've scanned that file.
> > >
> > >My hope is that in a future I could write a client that exposed this,
> > >and also could brand it:
> > >
> > >
> > ><file xmlns='http://jabber.org/protocol/si/profile/file-transfer'
> > >          name='test.txt'
> > >          size='1022'
> > >          hash='552da749930852c69ae5d2141d3766b1'
> > >          date='1969-07-21T02:56:15Z'/>
> > ><metadata>
> > >	<viruscheck
> > >xmlns='http://my_private_server/protocol/some_VS_namespace'
> > >		status='clean'
> > >		desc='Checked for Virus and Malware by MegaStupidCorp' />
> > >	<someother .......
> > >		/>
> > ></meatdata>
> > >
> > >
> > >I have several different needs for providing additional metadata to
> > >filetransfers, and while I do not need other clients to interprete
> > >these data (they are optional, informal data), I need all clients to
> > >be able to log it (they are vital when we have to do bug tracking).
> > >Lets drop the issue that most clients doesn't log filetransfers for
> > >the moment (*shudder*).
> > >
> > >Thus there should be some kind of freeform metadata "area" in the
> > >protocol where we can add private XML code that just get logged.
> > >
> > >As soon as we had put this "area" in the protocol, we could start
> > >adding metadata protocols like formalizing an xml code for virusscan.
> > >This way all servers that provided virusscan could investigate the
> > >metadata and detect the need to viruscheck the file.
> > >
> > >Chris
>
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> https://jabberstudio.org/mailman/listinfo/standards-jig




More information about the Standards mailing list