[Standards] Addressing Security Concerns in XEP-0115 Entity Capabilities

Florian Zeitz florian.zeitz at gmx.de
Fri Sep 16 20:15:43 UTC 2011

I think I need some clarification here. I don't see why so many insist
on fixing the current caps protocol.

Caps is an optimization over regular disco. Ideally even dropping it
altogether would not leave anything broken. There are by now XEPs which
require caps, but most (all?) of them only require a server to be able
to get them.

Hence a new protocol dropping the old one at the same time will:
a) Make old implementations send IQ queries to the new implementations.
The number of IQs increases with the number of implementers of the new
protocol for some time, but at a certain point that turns, and the more
people implement the new protocol the fewer IQs we get.
b) Give us a clean cut without ugly hacks (which may or may not even work).
c) Keep presence about the same size.
d) Break e.g. PEP on servers; however, I'm under the impression that
servers are easiest to get updated since there is some competition there
(cf. SCRAM).

Florian Zeitz

