[Standards] XEP 297 xmlns and lang preservation in forwarding

Dave Cridland dave at cridland.net
Thu Aug 14 22:18:11 UTC 2014


On 14 Aug 2014 22:20, "Kurt Zeilenga" <kurt.zeilenga at isode.com> wrote:
>
>
> On Aug 14, 2014, at 1:45 PM, Dave Cridland <dave at cridland.net> wrote:
>
>> On 14 August 2014 21:34, Kurt Zeilenga <kurt.zeilenga at isode.com> wrote:
>>>
>>> Maybe a reworded implementation approach...
>>>
>>> Copy stanza verbatim from the stream it was received on into
<forwarded/>, replicate any applicable item from that stream which is, per
normal XML processing, inherited by the stanza, by augmentation of the
<forwarded/> element, such as by copying all namespace declarations and any
xml:;lang attribute, to the <forwarded/> element and, if necessary,
changing the prefix for the forwarded namespace so that it's distinct from
those copied from that stream.
>>>
>>> The primary rationale for this approach is that allows verbatim copying
of the stanza from the stream it was received on (or created in respect to)
into a <forwarded/> element and avoids the need for deep inspection of the
stanza to be forwarded.
>>
>>
>> With the exception of a theoretical case where the stream namespace has
been somehow used within a stanza, I think all you need to do is declare
the content namespace as the default namespace in the forwarded element,
and copy the xml:lang from the stream to the forwarded element.
>>
>>
>> If you're worried about the theoretical stream case, copy that one too.
I suspect that in most cases, you can rewrite the stanza tag itself without
concern, thus eliding any tautological declaration of the content namespace.
>
>
> I rather program defensively so I don't have to worry if practice catches
up to theory.
>

I don't disagree with the sentiment. I rather code optimizations after
understanding the ramifications, if we're trading generalizations. ;)

>> No other namespaces need to be copied; the only other one on the stream
header would be dialback; all others are illegal.
>
>
> In 6120, dialback is mentioned in the namespace in a "for instance"
comment, implying it's not the only possible such namespace declaration
that could be present in the stream element.  For instance, wouldn't it
also be legal to declare the session management namespace (XEP 198) in the
stream element.   And the more such for instances there are, the more
likely practice will catch up to theory here.
>

What about a client declaring a namespace whose presence indicates
something about its security? Are you allowing a receiver of a forwarded
stanza to fingerprint the originating client?

> -- Kurt
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20140814/c44ff092/attachment.html>


More information about the Standards mailing list