[Standards] LAST CALL: XEP-0363 (HTTP File Upload)
goffi at goffi.org
Thu Jun 14 07:40:21 UTC 2018
I'm developer of Salut à Toi and HTTP Upload is implemented there, here are
> 1. Is this specification needed to fill gaps in the XMPP protocol
> stack or to clarify an existing protocol?
Well it's hard to answer. I would say no because Jingle is already doing
that in a better way.
On the other hand, HTTP libraries are more common that Jingle libraries,
making the implementation more easy for HTTP upload.
At the end, I don't think it's really filling a gap, but its existence make
sense in a way.
> 2. Does the specification solve the problem stated in the introduction
> and requirements?
The problem stated in introduction is not true, it's absolutely possible to
use Jingle to send a file to multiple resources or to make it work offline,
we do it in SàT with a server side component.
But HTTP Upload implementation is truly easy on client dev perspective,
supposing we have already HTTP libraries + certificate checking facilities
in the used programming language (which is most of time true). That's the
main interested of this XEP.
> 3. Do you plan to implement this specification in your code? If not,
> why not?
> 4. Do you have any security concerns related to this specification?
my main concern is about file deletion. We have no way to know which files
are already uploaded, for how long and how to delete them.
I think this specification should return the expiration date of the file,
in the same way as it returns max-file-size in section 3 and example 4.
About user request of file deletion, this could probably be done in an
external XEP, but it's an important missing part in my point of view.
> 5. Is the specification accurate and clearly written?
yes, redaction is good and spec is well explained.
- there is no validation schema in section 11
- there is no short name
More information about the Standards