[Standards] XEP 297 xmlns and lang preservation in forwarding

Kurt Zeilenga kurt.zeilenga at isode.com
Thu Aug 14 23:05:27 UTC 2014


On Aug 14, 2014, at 3:18 PM, Dave Cridland <dave at cridland.net> wrote:>> No other namespaces need to be copied; the only other one on the stream header would be dialback; all others are illegal.
> >
> >
> > In 6120, dialback is mentioned in the namespace in a "for instance" comment, implying it's not the only possible such namespace declaration that could be present in the stream element.  For instance, wouldn't it also be legal to declare the session management namespace (XEP 198) in the stream element.   And the more such for instances there are, the more likely practice will catch up to theory here.
> >
> 
> What about a client declaring a namespace whose presence indicates something about its security? Are you allowing a receiver of a forwarded stanza to fingerprint the originating client?
> 
> 

Isn't that kind of obvious in forwarding in general?   Even if not, XEP 297 does say "Forwarding stanzas can reveal information about the original sender".

Or maybe you meant that my approach allows the receiver to fingerprint the entity which delivered the original stanza to the forwarding entity, which generally wouldn't be the originating entity.

If so, I point out out that this concern should not be new to my approach.  Certainly the receiver could be various means using forwarding to gleam information about any number of entities which handled the original stanza or the forwarded stanza.

If the forwarder was particularly concerned, it should deep inspection to figure out which aspects of the stream where used in the stanza to be forwarded and only copy those needed...  and if an entity in the middle was concerned, it could use namespaces in a manner that they would not be available for reuse in stanzas they pass.  Namely, only declare the stream namespace in the stream header, and make it the default... and declare the content namepace as default in the stanza element.   And always put lang tags on elements one creates or relays.  Etc.

Maybe XEP 295 should also say:
	Forwarding stanzas can reveal information about entities which handled the original stanza (as well information about entities which handled the forwarded stanza).

-- Kurt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20140814/4bf6ae5e/attachment.html>


More information about the Standards mailing list