[Standards] LAST CALL: XEP-0198 (Stream Management)
stpeter at stpeter.im
Wed Jun 3 14:49:44 UTC 2009
Hi Dave, thanks for the review.
On 6/2/09 3:42 PM, Dave Cridland wrote:
> On Thu May 28 21:50:34 2009, XMPP Extensions Editor wrote:
>> 4. Do you have any security concerns related to this specification?
> The Security Considerations section is a bit weak - I think it should
> make it clear that clients mustn't be allowed to resume other people's
> streams, and discuss how this is prevented. (Answer, don't allow
> unauthenticated clients to resume streams, etc).
Yes, I will add some text about that.
> I don't think it needs to mention intermediate proxies - that one had me
> bewildered until I realised it means transparent proxies between client
> and server.
I suppose it means things like BOSH connection managers. Justin?
>> 5. Is the specification accurate and clearly written?
> Mostly. I think it would be useful to define "handled" stanzas by way of
> transfer of responsibility.
> That is to say, each stanza, under XEP-0198, is either the
> responsibility of the sender (to send) or the receiver (to process,
> forward, etc). Until a sender receives an ack for the stanza, it has
> responsibility, and once the receiver sends an ack, it assumes
> Example 12 uses the wrong single letter element local-name - doesn't it?
> I'll probably send more comments later.
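Added example, not part of the original message or of the XEP-0198 text: a sketch of the two review points above, binding a resumable stream to the identity that authenticated it and keeping un-acked stanzas as the sender's responsibility. `SessionStore`, its method names, the cumulative ack count and the sample JIDs are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class ResumableSession:
    owner: str                 # JID that authenticated the original stream
    acked: int = 0             # stanzas the peer has reported as handled so far
    unacked: list = field(default_factory=list)  # still the sender's responsibility


class SessionStore:
    """Hypothetical server-side table of resumable streams."""

    def __init__(self):
        self._by_id = {}

    def enable(self, authenticated_jid):
        if authenticated_jid is None:
            raise PermissionError("stream management requires authentication")
        resume_id = secrets.token_urlsafe(32)  # unguessable, but not relied on alone
        self._by_id[resume_id] = ResumableSession(owner=authenticated_jid)
        return resume_id

    def queue(self, resume_id, stanza):
        # Sent but not yet acked: the sender keeps it so it can be resent.
        self._by_id[resume_id].unacked.append(stanza)

    def ack(self, resume_id, handled):
        # Assumption: `handled` is a cumulative count. Acked stanzas are now
        # the receiver's responsibility and can be dropped from the queue.
        session = self._by_id[resume_id]
        newly = handled - session.acked
        if not 0 <= newly <= len(session.unacked):
            raise ValueError("ack count outside the window of sent stanzas")
        del session.unacked[:newly]
        session.acked = handled

    def resume(self, authenticated_jid, resume_id):
        """Return the stanzas to resend, or raise if resumption is not allowed."""
        if authenticated_jid is None:
            raise PermissionError("unauthenticated stream may not resume")
        session = self._by_id.get(resume_id)
        # Same error for an unknown id and a wrong owner, so ids cannot be probed.
        if session is None or session.owner != authenticated_jid:
            raise PermissionError("no resumable stream for this identity")
        return list(session.unacked)
```
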