[Standards] XEP-0138: security considerations
kevin at kismith.co.uk
Thu Apr 24 16:47:03 UTC 2014
On Mon, Apr 14, 2014 at 3:53 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
> On 4/14/14, 8:33 AM, Philipp Hancke wrote:
>>> 1. A server implementation MUST NOT turn on compression by default;
>>> instead, it MUST enable a server administrator to turn on compression if
>> Any particular reason to use RFC 2119 language here (and in 2+3)?
>> Otherwise this LGTM.
>>> 3. A server implementation MUST enable a server administrator to
>>> limit the amount of bandwidth it will allow a connected client or peer
>>> server to use in a given time period.
>> We have that already in
>> http://xmpp.org/extensions/xep-0205.html#rec-bandwidth so if this is
>> repeated here (which seems like a good idea) there should be a reference.
> In fact, some of this text is in RFC 6120:
> Mostly we're strengthening that here, and if 6120bis is ever published we'll
> strengthen the text in the core spec.
I hope we wouldn't tighten it - it's already too strong with SHOULDs
on stuff that's entirely implementation detail.