[Standards] compliance: Basic Client (0211)

Peter Saint-Andre stpeter at jabber.org
Wed May 9 16:15:24 UTC 2007


Bruce Campbell wrote:
> 
> On Tue, 8 May 2007, Peter Saint-Andre wrote:
> 
>> 3. Start TLS in Basic. (In fact this is required by RFC 3920 so I 
>> don't understand the confusion.)
> 
> Strictly speaking, TLS is a 'SHOULD' in RFC 3920, not a 'MUST', thus TLS 
> is a 'Recommended', not a 'Required' in Basic Client 2008 (XEP 0211).

Section 12 of RFC 3920 says that TLS MUST be supported by a compliant 
implementation, whether client or server.

>> 1. Stream Compression (XEP-0138) in the Basic levels. (ISTM that this 
>> should not be necessary, since Transport Layer Security includes a 
>> compression option and there should be support for it in common SSL 
>> libraries.)
> 
> For both TLS and Compression, I'm in favour of them being 'Recommended' 
> in Basic Client 2008, 'Required' in Basic Server 2008, and a 'Required' 
> in a future Basic Client 2010.

TLS is required for clients and servers.

I think it's worth considering whether to make XEP-0138 recommended.

> Since Servers take a while to be upgraded compared to the average IM 
> client, this will give the server infrastructure time to properly 
> support server-to-client encryption and compression.  

Most deployed servers probably already support TLS.

> It will also allow 
> some IM clients, which currently do not support these features, to share 
> in the marketing advantage of claiming 'Compliant with XMPP Basic Client 
> 2008!!!'.

The RFCs have been around since 2004. All servers and most clients have 
implemented TLS and SASL. I think the laggards can get into compliance 
by end of 2007. And if they can't, they are probably abandoned codebases 
in the first place.

> Once they, being the IM Client developers, have signed onto the shiny 
> icon bandwagon with a low entry bar, self-interest in having the same 
> shiny icon as everyone else will ensure that their Client supports TLS 
> and Compression when they become 'Required' in XMPP Basic Client 2010
> ('A Jabber Odyssey').

Not requiring TLS sets the bar too low IMHO.

>> 2. JID Escaping (XEP-0106) in the Basic levels. (This seems like a 
>> good idea to me.)
> 
> See above.  Keep Basic Client 2008 relatively Basic, get them addicted, 
> add features with each new edition of shiny icons and the developers 
> will happily keep up.

Recommended for XEP-0106 and XEP-0138 is not a bad idea.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070509/86ff0bb5/attachment.bin>


More information about the Standards mailing list