[Standards] New revised version of proposal: Signing Forms

Dave Cridland dave at cridland.net
Thu May 15 08:28:30 UTC 2014


Last one on my list. :-)

First off, it's unclear why, in §2.4, PStr does not include the 'from'
attribute if available? I also suspect it should include the 'to' only if
given in the stanza, and finally I think your use of "type" should be
replaced with "form_type" to avoid confusion with the stanza's type
attribute.

Next, typo - Example 6 should presumably have a title of "PLAINTEXT".

Overall, I really think that using the FORM_TYPE here is wrong - it means
the only forms that can be signed are form signing forms, which seems
somewhat introspective. Instead I recommend defining a new signing
indicator, perhaps a field SIGNED. It's not *wonderfully* clear in XEP-0068
whether additional generic field names such as this, or the oauth ones, can
be registered in such a way, but we can change that to accommodate this.

The reason I feel strongly here is because I'd like to be able to
potentially sign forms such as MUC configurations, and the current proposal
essentially prevents this.

I have not reviewed this document in terms of security.



On 13 May 2014 13:58, Peter Waher <Peter.Waher at clayster.com> wrote:

>  Hello
>
>
>
> I had forgotten to add an Acknowledgements section to the previous
> version. Here, an updated version with acknowledgements. If I’ve forgotten
> anybody, please let me know.
>
>
>
> Best regards,
>
> Peter Waher
>
>
>
> *From:* Peter Waher
> *Sent:* den 9 maj 2014 18:12
> *To:* standards at xmpp.org
> *Cc:* XEP Editor (editor at xmpp.org)
> *Subject:* New revised version of proposal: Signing Forms
>
>
>
> Hello
>
>
>
> Attached is a revised version of the proposed XEP: Signing Forms.
>
>
>
> All input from the community and the council has been addressed, mostly
> minor:
>
>
>
> ·         Removed links to articles expression opinions.
>
> ·         Reformulated the reference to SASL in the introduction.
>
> ·         A reference to Unicode Standard Annex #15, Unicode
> Normalization Forms, and NFC normalization has been added.
>
>
>
> Please add this to the inbox.
>
>
>
> Best regards,
>
> Peter Waher
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20140515/8900e20c/attachment.html>


More information about the Standards mailing list