[Standards] LAST CALL: XEP-0232 (Software Information)
dave at cridland.net
Thu Jan 22 23:30:42 UTC 2009
On Thu Jan 22 22:45:48 2009, Joe Hildebrand wrote:
> On Jan 21, 2009, at 2:31 PM, Remko Tronçon wrote:
>> Shouldn't it be specified how the 'value' field should be
>> for things like 'icon' etc.? Should this be limited to http URIs? I
>> guess it is with data forms, because you can only have one string
>> as a
>> value child?
> Yes, this should be specified.
>> Shouldn't the security considerations mention something about
>> the icons OOB? (i.e. exposing unwanted information about location
>> etc., potential malicious files, ...)
> Yes. Particularly since there have been attacks against various
> image libraries.
New XEP suggestion: server mediated BoB resolution.
(Client asks local [trusted] server, which fetches image, checks it,
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Standards