[Standards] What is the size limit of node and item ids in XEP-0060: Publish-Subscribe?

Jonas Wielicki jonas at wielicki.name
Sun Mar 4 17:54:53 UTC 2018


On Sonntag, 4. März 2018 17:02:07 CET Peter Saint-Andre wrote:
> If we want to specify this, I would recommend the UsernameCaseMapped
> profile defined in RFC 8265.
> 
> However, there's a twist: if a node ID can be a full JID, then do we
> want to apply the normal rules of RFC 7622 to all the JID parts, instead
> of one uniform profile such as UsernameCaseMapped to the entire node ID?
> For instance, the resourcepart of a JID is allowed to contain a much
> wider range of Unicode characters than is allowed by the
> UsernameCaseMapped profile of the PRECIS IdentifierClass (which we use
> for the localpart).
> 
> Given that a node ID can be used for authorization decisions, I think
> it's better to be conservative in what we accept (specifically, not
> allow the wider range of characters in a resourcepart because
> developers, and attackers, could get too "creative").

I would argue that adding those restrictions / any kind of string prepping to 
XEP-0060 or XEP-0030 nodes is (a) too late and (b) ambiguous at least, as you 
mentioned (depending on the data).

I’d also argue that nodes aren’t shown or typed into a field by users 
normally, so I would not worry about that kind of normalization here.

If a specific XEP-0030/XEP-0060-based protocol needs more guarantees, I think 
those can be defined there.

kind regards,
Jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.jabber.org/pipermail/standards/attachments/20180304/ca054052/attachment.sig>


More information about the Standards mailing list