[Standards] Nonzas: What are they and do we need them?

Georg Lukas georg at op-co.de
Mon Apr 20 15:00:11 UTC 2015


* Florian Schmaus <flo at geekplace.eu> [2015-04-20 15:27]:
> Contra:
> - Messages and IQs could be used instead
> - Can't be used with BOSH

As you pointed out below, they can be used in theory. I just assume that
most implementations will not expect them and might break in subtle ways.
IIRC, it required significant refactoring of the Smack XMPP library to
accommodate them. I'm sure similar effort will be required in most other
XMPP client and server implementations.

> - Introduces a bunch of conceptual and implementation problems

One specific problem is that they cannot be accounted for in XEP-0198,
and therefore it is not clear if a Nonza got successfully delivered to
the recipient in case of stream resumption. In the CSI discussion this
caused confusion and led to the notion of resetting the CSI state on
stream resumption, which looks like fixing the symptoms.

> Pro:
> - Expresses the semantic that they are not routed
> - This increases security, as they are harder to spoof

I understand the first two points, but I'm not sure if they really
outweigh the problems.

> A. Nonzas MUST NOT be used after resource binding

With the obvious exception of XEP-0198, of course.

Georg
-- 
|| http://op-co.de ++  GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N  ++
|| gpg: 0x962FD2DE ||  o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+  ||
|| Ge0rG: euIRCnet ||  X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y?   ||
++ IRCnet OFTC OPN ||_________________________________________________||
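
The XEP-0198 accounting gap described in the message above, as an added example that is not part of the original post: only message, presence and iq are counted against the server's h value, so after a resumption a CSI nonza sent after the last acknowledged stanza has unknown status. The function names, sample elements and JIDs are constructed, and the code assumes the stream is processed in order.

```python
import xml.etree.ElementTree as ET

STANZAS = {"message", "presence", "iq"}  # the only elements XEP-0198 counts
CLIENT_NS = "jabber:client"

def is_stanza(xml):
    """True for message/presence/iq in the client stream namespace."""
    tag = ET.fromstring(xml).tag                  # '{namespace}localname'
    ns, _, local = tag.lstrip("{").rpartition("}")
    return ns == CLIENT_NS and local in STANZAS

def classify_after_resume(sent, h):
    """sent: top-level elements written since <enabled/>, in send order.
    h: value from the server's <resumed h='...'/>.
    Returns (stanzas to resend, nonzas whose delivery is unknown)."""
    counted, resend, unknown = 0, [], []
    for xml in sent:
        if is_stanza(xml):
            counted += 1
            if counted > h:            # server never handled this one
                resend.append(xml)
        elif counted >= h:
            # Nonza sent after the last acknowledged stanza: no counter
            # covers it, so the client cannot tell whether it arrived.
            # (Earlier nonzas are assumed received: in-order stream.)
            unknown.append(xml)
    return resend, unknown

# Constructed sample traffic (hypothetical JIDs and ids).
SENT = [
    "<message xmlns='jabber:client' to='juliet@example.org'><body>1</body></message>",
    "<inactive xmlns='urn:xmpp:csi:0'/>",
    "<presence xmlns='jabber:client'/>",
    "<active xmlns='urn:xmpp:csi:0'/>",
    "<iq xmlns='jabber:client' type='get' id='p1'><ping xmlns='urn:xmpp:ping'/></iq>",
]

if __name__ == "__main__":
    resend, unknown = classify_after_resume(SENT, h=2)
    print("resend :", resend)
    print("unknown:", unknown)
```

With h=2 the iq is resent, but whether the server saw <active/> cannot be derived from the counter, which is the ambiguity behind resetting CSI state on resumption.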