[Standards] NEW: XEP-0220 (Server Dialback)

Peter Saint-Andre stpeter at stpeter.im
Wed Feb 20 22:36:37 UTC 2008

Philipp Hancke wrote:
> XMPP Extensions Editor wrote:
>> Version 0.1 of XEP-0220 (Server Dialback) has been released.
> I just noticed that you're omitting the text about reusing an existing
> connection as mentioned in 3920/8.3 step 5 in what is now section 4.3.
> Any particular reason for that?

Spec writer error, I think.

> The important implication from this reuse is that a verification request
> may happen at (almost) any time on a inbound stream (as seen by the
> authoritative server).

Correct. There has been some confusion about this (e.g., I think the
Google Talk service is especially aggressive about reusing connections),
so I'll work to clarify that in the next version of the spec.

> Steps 1 and 3 in the order of events are (therefore) optional and should
> be marked as such.


> and in section 4.4:
>> The Authoritative Server determines whether the key was valid or
>> invalid and informs the Receiving Server of its determination, where
>> the <db:verify/> element SHOULD include the key sent by the Receiving
>> Server:
> This 'SHOULD' was neither in RFC 3920 nor in 3920bis-01. Why was it added?

At the moment I don't recall. I'll have to check my notes and emails
about this.

> And the last sentence before section 4.5:
>> After receiving the verification from the Authoritative Server, the
>> Receiving Server SHOULD terminate the stream between them and the
>> underlying TCP connection.
> Terminating that connection is a bad idea most of the time. That
> connection may be used for establishing the
> xmpp.example.com->example.org stream, which is usually needed quite soon
> after the example.org->xmpp.example.com stream has been established.
> Therefore I think that 'MAY' is more appropriate here.

That seems better.

> A strategy that works well is to wait for the authoritative server to
> close the connection (due to idleness) and reuse the connection as
> described in section 4.1 if possible.

That seems even better.

> The piggybacking section only talks about piggybacking db:result.
> 3920bis-01 mentioned using it for db:verify also. Why was that removed?

Another spec writer error, I think.

XEP-0220 needs a complete overhaul (many more examples and error flows,
etc.). I started on that task a while back but didn't finish. Maybe that
will be an item to complete while flying to Brussels tomorrow. :)


Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20080220/a51fe96b/attachment.bin>

More information about the Standards mailing list