[Standards] LAST CALL: XEP-0363 (HTTP File Upload)

Dave Cridland dave at cridland.net
Tue Dec 12 10:50:57 UTC 2017

On 12 December 2017 at 09:10, Daniel Gultsch <daniel at gultsch.de> wrote:
> 2017-12-11 21:15 GMT+01:00 Kevin Smith <kevin.smith at isode.com>:
>> On 29 Nov 2017, at 19:16, Jonas Wielicki (XSF Editor) <jonas at wielicki.name> wrote:
>>> 4. Do you have any security concerns related to this specification?
>> Should probably mention that you’re going to be handing out your IP to whichever upload service you use.
> I can add that.
>>> 5. Is the specification accurate and clearly written?
>> "The service SHOULD NOT impose sanctions on an entity for retrying earlier than the specified time.”
>> Seems a bit odd - what’s the point in specifying a limit if clients are allowed to ignore it, and the server has to process the request normally anyway?
> The point is that clients don't have to parse the timestamp and could
> just retry at their own convenience.
> Retrying earlier will of course give them the exact same error message
> again but it won't get them locked out for good or anything.

You say "will of course", but the specification says "SHOULD NOT", so
what are the reasons you're anticipating a server might impose

More information about the Standards mailing list