[Standards] XEP-0138: security considerations
stpeter at stpeter.im
Mon Apr 14 14:53:49 UTC 2014
On 4/14/14, 8:33 AM, Philipp Hancke wrote:
>> 1. A server implementation MUST NOT turn on compression by default;
>> instead, it MUST enable a server administrator to turn on compression if
> Any particular reason to use RFC 2119 language here (and in 2+3).
> Otherwise this LGTM.
>> 3. A server implementation MUST enable a server administrator to
>> limit the amount of bandwidth it will allow a connected client or peer
>> server to use in a given time period.
> We have that already in
> http://xmpp.org/extensions/xep-0205.html#rec-bandwidth so if this
> repeated here (which seems like a good idea) there should be a reference.
In fact, some of this text is in RFC 6120:
Mostly we're strengthening that here, and if 6120bis is ever published
we'll strengthen the text in the core spec.
More information about the Standards