[Standards] certification etc.

Peter Saint-Andre stpeter at jabber.org
Tue Mar 27 20:08:30 UTC 2007


Boyd Fletcher wrote:

> On 3/26/07 6:18 PM, "Peter Saint-Andre" <stpeter at jabber.org> wrote:
> 
>> Ralph Meijer wrote:
>>> On Thu, 2007-03-22 at 18:25 -0400, Fletcher, Boyd C. CIV US USJFCOM JFL
>>> J9935 wrote:
>>>> I think stream compression should be required for the immediate suite and
>>>> File Transfer should be moved to an  advanced or a media suite.  Many
>>>> corporate and government folks have serious issues with allowing file
>>>> transfer over their collaboration systems because its hard to ensure that
>>>> the files being transferred have been properly scanned for malicious content
>>>> like viruses, trojans, worms, etc...
>>> That products are certified to a certain suite doesn't mean that
>>> deployments should enable/allow certain features...
>>>  
>> Right.
>>
>> Compliance, certification, and the requirement levels in our protocol
>> specs are all about what gets implemented in software. How the software
>> is deployed is a matter of local service policy.
>>
>> Peter
> 
 > so does anyone have an objection with making stream compression
 > required for the intermediate suite?

There are several ways to look at these suites.

One is that Basic defines things that are fundamental -- so far, that 
means stream-level stuff and service discovery. It seems to me that 
stream compression is a stream-level feature and thus it belongs in the 
Basic suite. Naturally you can do stream compression via TLS if it is 
supported in your SSL library. So it is preferred to handle stream 
compression that way. If your SSL library doesn't support the TLS bit 
for stream compression, file a bug report. The spec we defined for 
stream compression is for use when TLS-level compression is not 
available for whatever reason. So while it's a stream-level feature I 
think we would not make it REQUIRED (there are better ways to do that). 
But making it RECOMMENDED in Basic for a while might make sense, 
depending on the state of the SSL libraries out there. So: do the 
existing SSL libraries support TLS-level compression? If not, when will 
they?

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070327/d71f2464/attachment.bin>


More information about the Standards mailing list