[Standards] summary: allowable characters

Mridul Muralidharan mridul at sun.com
Thu Aug 2 18:23:10 UTC 2007

Peter Saint-Andre wrote:
> OK, we have had a long long discussion thread about JID Escaping and
> nodeprep and allowable characters in JIDs etc. Here I summarize the
> discussion and draw some conclusions for those of you who have checked
> out. :)
> 1. Support for XEP-0106: JID Escaping (i.e., mapping of ' to \27 etc.)
> is needed only in certain specialized deployment situations -- mainly
> when an organization wants to reuse existing userids (e.g., email
> addresses) or gateway to other messaging systems.
> 2. We needed to define JID escaping because version 1 of nodeprep (see
> RFC 3920) prohibits including the characters SP " & ' / : < > @ in XMPP
> node identifiers. (See also XEP-0029.)
> 3. IIRC we prohibited some of those characters because very early Jabber
> clients didn't properly escape things like " & ' < > in XMPP 'to' and
> 'from' addresses.
> 4. One solution would be to define version 2 of nodeprep in rfc3920bis.
> As far as I can see, nodeprep2 would allow " & ' < > since those can be
> escaped in XML (e.g., XMPP 'to' address) as the predefined entities
> " & ' < >. I'm not sure why : was prohibited in the
> first place so that would be allowed. I suppose / was prohibited because
> it's used later in a full JID to differentiate the resource identifier,
> but in a node identifier I don't think it would be confusing so that
> would be allowed. 

user/id at domain and domain/res at restofres cant be differentiated if / is 

Btw, changing nodeprep now will cause quite a lot of problem with 
existing deployments - since the contact jid's are part of the user data 
- and would pretty much mean we cant adopt bis spec.

The number of deployments with these usecases are not as specialized as 
it might seem.

- Mridul

> Clearly we can't allow @ because we use that character
> as a separator between the node identifier and the domain identifier. So
> nodeprep2 would be the same as nodepre1 except that it would disallow
> only the at-sign ("@"). (Naturally we can discuss this further...) As to
> how it is discovered that a server supports nodeprep2, I will post a
> separate message about that.
> Peter

More information about the Standards mailing list