[Standards] Re: [jdev] XEP-0115: Entity Capabilities

Ian Paterson ian.paterson at clientside.co.uk
Wed Jul 4 11:35:46 UTC 2007

Hi Dave :-)

Dave Cridland wrote:
> The scenario you mentioned above becomes significantly more difficult 
> with ext in play, especially if predefined sets are the norm.

'ext' and pre-defined sets only improve security if the choice of a 
"weak" hash makes pre-image attacks "possible". So why don't we make 
things easier for everyone and simply recommend a stronger hash instead?

> I agree that this is additional cost in terms of complexity, and I'd 
> probably argue against it if it weren't mostly in place already.

Yes, several clients (but not all) have this in place. However, I 
sincerely hope and expect that the number of XMPP clients that will be 
developed in the future will be many times the number in existence 
today. It is far easier for the developers of existing clients to remove 
support for 'ext' than it will be for the developers of new clients to 
code support for 'ext'. The more simple we can make XEP-0115 (or any 
other protocol) the easier it will be to attract new developers to XMPP.

- Ian
