[Standards] Call for Experience: XEP-0066: Out of Band Data

Kevin Smith kevin.smith at isode.com
Wed Mar 21 11:18:45 UTC 2018


On 7 Mar 2018, at 19:17, Jonas Wielicki (XSF Editor) <jonas at wielicki.name> wrote:
> 
> The XEP Editor would like to Call for Experience with XEP-0066 before
> presenting it to the Council for advancing it to Final status.
> 
> 
> During the Call for Experience, please answer the following questions:
> 
> 1. What software has XEP-0066 implemented? Please note that the
> protocol must be implemented in at least two separate codebases (at
> least one of which must be free or open-source software) in order to
> advance from Draft to Final.

We have not, and are unlikely to do so in the current state.


There are significant security/privacy issues around 66. The payload used as a method of communicating URLs is fine (although I think References is ultimately more helpful for this - at least in the next version that we’ll have ‘soon’), but that a client receiving an iq is expected to immediately fetch a file and then say when it’s done, or error if it was unable is riddled with problems. Also, multiple URI schemes are allowed, including making video calls, but the interaction between "The receiving application MUST NOT send the IQ result until it has retrieved the complete file (e.g., it MUST NOT send the IQ result if it has merely attempted to retrieve the file or the URL provided seems to be valid)” and non-file URIs is not obvious. All the text around SI would presumably also need to go before this was advanced.

/K


More information about the Standards mailing list