[Standards] LAST CALL: XEP-0280 (Message Carbons)

Florian Schmaus flo at geekplace.eu
Sat Feb 11 20:38:01 UTC 2017

On 09.02.2017 00:07, XMPP Extensions Editor wrote:
> This message constitutes notice of a Last Call for comments on XEP-0280 (Message Carbons).
> Abstract: In order to keep all IM clients for a user engaged in a conversation, outbound messages are carbon-copied to all interested resources.
> URL: http://xmpp.org/extensions/xep-0280.html
> This Last Call begins today and shall end at the close of business on 2017-02-22.
> Please consider the following questions during this Last Call and send your feedback to the standards at xmpp.org discussion list:
> 1. Is this specification needed to fill gaps in the XMPP protocol stack or to clarify an existing protocol?


> 2. Does the specification solve the problem stated in the introduction and requirements?


> 3. Do you plan to implement this specification in your code? If not, why not?

Already implemented.

> 4. Do you have any security concerns related to this specification?

Entity impersonation vulnerabilities. One way to solve them would be if
carbons would use Nonzas instead of Stanzas for the forwarded messages.
But then we would want to have Nonzas taken into account by Stream
Management. Since I don't see that happening anytime soon, I don't
consider this to be an blocker for carbons advancing to draft. Also the
"Security Considerations" section of carbons are clear on that.

> 5. Is the specification accurate and clearly written?

Mostly. I'm missing whether or not the carbons state is restored after
stream resumption. I think that there is no harm in restoring the state
after resumption, which would save us a round trip (until Bind2/SASL2
arrives). Therefore I suggest https://github.com/xsf/xeps/pull/402

And I'm not a fan of the term 'forked'.

- Florian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 603 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170211/f81e322f/attachment.sig>

More information about the Standards mailing list