[Standards] LAST CALL: XEP-0198 (Stream Management)

Peter Saint-Andre stpeter at stpeter.im
Wed Jun 3 14:49:44 UTC 2009


Hi Dave, thanks for the review.

On 6/2/09 3:42 PM, Dave Cridland wrote:
> On Thu May 28 21:50:34 2009, XMPP Extensions Editor wrote:
>
>> 4. Do you have any security concerns related to this specification?
> 
> The Security Considerations section is a bit weak 

You're right!

> - I think it should
> make it clear that clients mustn't be allowed to resume other people's
> streams, and discuss how this is prevented. (Answer, don't allow
> unauthenticated clients to resume streams, etc).

Yes, I will add some text about that.

> I don't think it needs to mention intermediate proxies - that one had me
> bewildered until I realised it means transparent proxies between client
> and server.

I suppose it means things like BOSH connection managers. Justin?

>> 5. Is the specification accurate and clearly written?
> 
> Mostly. I think it would be useful to define "handled" stanzas by way of
> transfer of responsibility.
> 
> That is to say, each stanza, under XEP-0198, is either the
> responsibility of the sender (to send) or the receiver (to process,
> forward, etc). Until a sender receives an ack for the stanza, it has
> responsibility, and once the receiver sends an ack, it assumes
> responsibility.

Good point.

> Example 12 uses the wrong single letter element local-name - doesn't it?

Fixed.

> I'll probably send more comments later.

Thanks.

Peter

--
Peter Saint-Andre
https://stpeter.im/

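The two review points in this message, sketched as an added example that is not part of the original message or of XEP-0198: a server only lets the identity that enabled a stream resume it, and a sent stanza stays the sender's responsibility until the receiver acks it. The class names, the `previd` and `h` parameter names, and the choice to compare the authenticated JID as a plain string are assumptions made for illustration.

```python
import secrets
from collections import deque


class ResumableStream:
    """Server-side state for one resumable stream (hypothetical model)."""

    def __init__(self, owner_jid):
        self.owner_jid = owner_jid              # identity that enabled stream management
        self.sm_id = secrets.token_urlsafe(32)  # unguessable resumption id
        self.acked = 0                          # how many of our stanzas the peer has acked
        self.unacked = deque()                  # stanzas that are still our responsibility

    def send(self, stanza):
        # The sender keeps responsibility until the receiver acks the stanza.
        self.unacked.append(stanza)

    def on_ack(self, h):
        # An ack covering h stanzas hands responsibility for them to the receiver.
        if not self.acked <= h <= self.acked + len(self.unacked):
            raise ValueError("ack count outside the window of sent stanzas")
        for _ in range(h - self.acked):
            self.unacked.popleft()
        self.acked = h


class StreamStore:
    def __init__(self):
        self._streams = {}

    def enable(self, authenticated_jid):
        if authenticated_jid is None:
            raise PermissionError("stream management requires an authenticated stream")
        stream = ResumableStream(authenticated_jid)
        self._streams[stream.sm_id] = stream
        return stream

    def resume(self, authenticated_jid, previd, h):
        """Return the stanzas to retransmit, or raise if the resume is refused."""
        if authenticated_jid is None:
            raise PermissionError("unauthenticated clients may not resume")
        stream = self._streams.get(previd)
        # Same error for an unknown id and a wrong owner, so ids cannot be probed.
        if stream is None or stream.owner_jid != authenticated_jid:
            raise PermissionError("no such stream for this identity")
        stream.on_ack(h)
        return list(stream.unacked)
```

Knowing a stream id is never sufficient on its own here: the resume request is evaluated only after authentication, against the identity recorded when the stream was enabled.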



