[Standards] XEP-0115 Feedback

Mike Wacker mwacker66 at gmail.com
Wed Nov 16 17:22:21 UTC 2011

(1) In 5.4. Processing Method, step 3.3 states, "If the response 
includes more than one service discovery identity with the same 
category/type/lang/name, consider the entire response to be ill-formed." 
Should that actually be category/type/lang instead? XEP-0030 states, 
"the <query/> element MUST NOT include multiple <identity/> elements 
with the same category+type+xml:lang but with different 'name' values." 
Thus, the only change here would be that XEP-0115 disallows results 
which are already disallowed by XEP-0030.

(2) We may want to put a cautionary note in XEP-0128 about what should 
or should not be included as an extension. For example, if a client 
included a public encryption key in a disco#info response via service 
discovery extensions, and this key was different for each user (or 
resource), then every user would publish a different verification 
string, meaning that entity capabilities would perform no better than 
disco flooding for that given client.

If all users of a client would coalesce around a small subset of all 
possible values for any extensions added, then entity capabilities would 
still work as designed. However, I would argue IMHO that clients SHOULD 
NOT (or maybe even MUST NOT) introduce new information via service 
discovery extensions that would likely be different for each user or 

I'll save a longer rant about the tendency for developers to say, "Let's 
make XYZ extensible!" without considering, for example, the performance 
and/or security implications of such extensibility. This isn't the first 
context where I've seen extensibility potentially cause such issues, nor 
am I the first person to have such complaints :)

More information about the Standards mailing list