[Standards] XEP-0138: security considerations

Philipp Hancke fippo at goodadvice.pages.de
Mon Apr 14 14:33:33 UTC 2014


[...]
>    1. A server implementation MUST NOT turn on compression by default;
> instead, it MUST enable a server administrator to turn on compression if
> desired.

Any particular reason to use RFC 2119 language here (and in 2+3)?
Otherwise this LGTM.

[...]
>    3. A server implementation MUST enable a server administrator to
> limit the amount of bandwidth it will allow a connected client or peer
> server to use in a given time period.

We have that already in
http://xmpp.org/extensions/xep-0205.html#rec-bandwidth so if this is
repeated here (which seems like a good idea) there should be a reference.


