[Standards] XEP-0115 Feedback
mwacker66 at gmail.com
Wed Nov 16 17:22:21 UTC 2011
(1) In 5.4. Processing Method, step 3.3 states, "If the response
includes more than one service discovery identity with the same
category/type/lang/name, consider the entire response to be ill-formed."
Should that actually be category/type/lang instead? XEP-0030 states,
"the <query/> element MUST NOT include multiple <identity/> elements
with the same category+type+xml:lang but with different 'name' values."
Thus, the only change here would be that XEP-0115 disallows results
which are already disallowed by XEP-0030.
(2) We may want to put a cautionary note in XEP-0128 about what should
or should not be included as an extension. For example, if a client
included a public encryption key in a disco#info response via service
discovery extensions, and this key was different for each user (or
resource), then every user would publish a different verification
string, meaning that entity capabilities would perform no better than
disco flooding for that given client.
If all users of a client would coalesce around a small subset of all
possible values for any extensions added, then entity capabilities would
still work as designed. However, I would argue IMHO that clients SHOULD
NOT (or maybe even MUST NOT) introduce new information via service
discovery extensions that would likely be different for each user or
I'll save a longer rant about the tendency for developers to say, "Let's
make XYZ extensible!" without considering, for example, the performance
and/or security implications of such extensibility. This isn't the first
context where I've seen extensibility potentially cause such issues, nor
am I the first person to have such complaints :)
More information about the Standards