[Standards] XEP-0115 Feedback

Mike Wacker mwacker66 at gmail.com
Wed Nov 16 17:22:21 UTC 2011


(1) In 5.4. Processing Method, step 3.3 states, "If the response 
includes more than one service discovery identity with the same 
category/type/lang/name, consider the entire response to be ill-formed." 
Should that actually be category/type/lang instead? XEP-0030 states, 
"the <query/> element MUST NOT include multiple <identity/> elements 
with the same category+type+xml:lang but with different 'name' values." 
Thus, the only change here would be that XEP-0115 disallows results 
which are already disallowed by XEP-0030.

(2) We may want to put a cautionary note in XEP-0128 about what should 
or should not be included as an extension. For example, if a client 
included a public encryption key in a disco#info response via service 
discovery extensions, and this key was different for each user (or 
resource), then every user would publish a different verification 
string, meaning that entity capabilities would perform no better than 
disco flooding for that given client.

If all users of a client would coalesce around a small subset of all 
possible values for any extensions added, then entity capabilities would 
still work as designed. However, I would argue IMHO that clients SHOULD 
NOT (or maybe even MUST NOT) introduce new information via service 
discovery extensions that would likely be different for each user or 
resource.

I'll save a longer rant about the tendency for developers to say, "Let's 
make XYZ extensible!" without considering, for example, the performance 
and/or security implications of such extensibility. This isn't the first 
context where I've seen extensibility potentially cause such issues, nor 
am I the first person to have such complaints :)
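
An added illustration of point (2), not part of the original post: it builds the XEP-0115 verification string (SHA-1, base64) and counts how many disco#info queries a caching receiver needs when an extension form is constant per client versus different per user. The client name, the `urn:example:pubkey` form and its `key` field are hypothetical, and the key values are constructed sample data.

```python
import base64
import hashlib


def verification_string(identities, features, forms):
    """Return the XEP-0115 'ver' value: base64(SHA-1(S)).

    identities: list of (category, type, lang, name) tuples
    features:   list of feature namespace strings
    forms:      {FORM_TYPE: {field var: [values]}} for XEP-0128 extensions
    """
    parts = []
    for category, typ, lang, name in sorted(identities):
        parts.append(f"{category}/{typ}/{lang}/{name}<")
    for feature in sorted(features):
        parts.append(feature + "<")
    for form_type in sorted(forms):
        parts.append(form_type + "<")
        for var in sorted(forms[form_type]):
            parts.append(var + "<")
            for value in sorted(forms[form_type][var]):
                parts.append(value + "<")
    digest = hashlib.sha1("".join(parts).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


# Hypothetical client, identical for every user running it.
IDENTITIES = [("client", "pc", "", "ExampleClient 1.0")]
FEATURES = ["http://jabber.org/protocol/caps",
            "http://jabber.org/protocol/disco#info"]


def roster(n_users, per_user_key):
    """Constructed sample: disco#info data for n_users on the same client."""
    contacts = []
    for i in range(n_users):
        # Same for everyone on this client build, so it does not split the cache.
        forms = {"urn:xmpp:dataforms:softwareinfo": {
            "software": ["ExampleClient"], "software_version": ["1.0"]}}
        if per_user_key:
            # Hypothetical extension carrying a value unique to each user.
            forms["urn:example:pubkey"] = {"key": [f"constructed-key-{i}"]}
        contacts.append((IDENTITIES, FEATURES, forms))
    return contacts


def disco_queries_needed(contacts):
    """A caps cache sends one disco#info query per distinct ver string."""
    return len({verification_string(*c) for c in contacts})
```

With 500 contacts, `disco_queries_needed(roster(500, False))` is 1 and `disco_queries_needed(roster(500, True))` is 500, the same number of queries as having no caps cache at all.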


