[Standards] XEP-0138: security considerations

Peter Saint-Andre stpeter at stpeter.im
Mon Apr 14 14:53:49 UTC 2014


On 4/14/14, 8:33 AM, Philipp Hancke wrote:
> [...]
>>    1. A server implementation MUST NOT turn on compression by default;
>> instead, it MUST enable a server administrator to turn on compression if
>> desired.
>
> Any particular reason to use RFC 2119 language here (and in 2+3)?
> Otherwise this LGTM.
>
> [...]
>>    3. A server implementation MUST enable a server administrator to
>> limit the amount of bandwidth it will allow a connected client or peer
>> server to use in a given time period.
>
> We have that already in
> http://xmpp.org/extensions/xep-0205.html#rec-bandwidth so if this
> is repeated here (which seems like a good idea) there should be a reference.

In fact, some of this text is in RFC 6120:

http://tools.ietf.org/html/rfc6120#section-13.12

Mostly we're strengthening that here, and if 6120bis is ever published 
we'll strengthen the text in the core spec.

Peter



