[Standards] Call for Experience: XEP-0092: Software Version

Dave Cridland dave at cridland.net
Thu Mar 15 18:48:13 UTC 2018


On 14 Mar 2018 17:29, "Jonas Wielicki" <jonas at wielicki.name> wrote:

The XEP Editor would like to Call for Experience with XEP-0092 before
presenting it to the Council for advancing it to Final status.


During the Call for Experience, please answer the following questions:

1. What software has XEP-0092 implemented? Please note that the
protocol must be implemented in at least two separate codebases (at
least one of which must be free or open-source software) in order to
advance from Draft to Final.


Openfire implements this, and qualifies as open-source software under the
OSI definition. (I'm also aware that Prosody, ejabberd, Isode M-Link, and
possibly ever extant server implements this).


2. Have developers experienced any problems with the protocol as
defined in XEP-0092? If so, please describe the problems and, if
possible, suggested solutions.


The specification notes that revealing the Operating System might provide
an attacker with useful information with which to carry out an attack.

It does not, however, note the same is true of the XMPP software name and
version. Since the version is not option, this means software cannot reveal
the name without the version - however, it seems to me that the version
could be left as an empty element, and newer clients could consider this as
unspecified.

In any case, noting that software names and versions are of potential
interest to an attacker is, I think, worth noting in the Security
Considerations.


3. Is the text of XEP-0092 clear and unambiguous? Are more examples
needed? Is the conformance language (MAY/SHOULD/MUST) appropriate?
Have developers found the text confusing at all? Please describe any
suggestions you have for improving the text.


All good. (Note mandatory version above).


If you have any comments about advancing XEP-0092 from Draft to Final,
please provide them by the close of business on 2018-03-28. After the
Call for Experience, this XEP might undergo revisions to address
feedback received, after which it will be presented to the XMPP
Council for voting to a status of Final.


You can review the specification here:

https://xmpp.org/extensions/xep-0092.html

Please send all feedback to the standards at xmpp.org discussion list.
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: Standards-unsubscribe at xmpp.org
_______________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20180315/27b19a0b/attachment.html>


More information about the Standards mailing list