[Standards] What is the size limit of node and item ids in XEP-0060: Publish-Subscribe?
jonas at wielicki.name
Sun Mar 4 17:54:53 UTC 2018
On Sonntag, 4. März 2018 17:02:07 CET Peter Saint-Andre wrote:
> If we want to specify this, I would recommend the UsernameCaseMapped
> profile defined in RFC 8265.
> However, there's a twist: if a node ID can be a full JID, then do we
> want to apply the normal rules of RFC 7622 to all the JID parts, instead
> of one uniform profile such as UsernameCaseMapped to the entire node ID?
> For instance, the resourcepart of a JID is allowed to contain a much
> wider range of Unicode characters than is allowed by the
> UsernameCaseMapped profile of the PRECIS IdentifierClass (which we use
> for the localpart).
> Given that a node ID can be used for authorization decisions, I think
> it's better to be conservative in what we accept (specifically, not
> allow the wider range of characters in a resourcepart because
> developers, and attackers, could get too "creative").
I would argue that adding those restrictions / any kind of string prepping to
XEP-0060 or XEP-0030 nodes is (a) too late and (b) ambiguous at least, as you
mentioned (depending on the data).
I’d also argue that nodes aren’t shown or typed into a field by users
normally, so I would not worry about that kind of normalization here.
If a specific XEP-0030/XEP-0060-based protocol needs more guarantees, I think
those can be defined there.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part.
More information about the Standards