[Standards] LAST CALL: XEP-0363 (HTTP File Upload)

Daniel Gultsch daniel at gultsch.de
Tue Dec 12 09:10:50 UTC 2017


2017-12-11 21:15 GMT+01:00 Kevin Smith <kevin.smith at isode.com>:
> On 29 Nov 2017, at 19:16, Jonas Wielicki (XSF Editor) <jonas at wielicki.name> wrote:
>> 4. Do you have any security concerns related to this specification?
>
> Should probably mention that you’re going to be handing out your IP to whichever upload service you use.

I can add that.

>
>>
>> 5. Is the specification accurate and clearly written?
>
> "The service SHOULD NOT impose sanctions on an entity for retrying earlier than the specified time."
>
> Seems a bit odd - what’s the point in specifying a limit if clients are allowed to ignore it, and the server has to process the request normally anyway?

The point is that clients don't have to parse the timestamp and could
just retry at their own convenience.
Retrying earlier will of course give them the exact same error message
again but it won't get them locked out for good or anything.

