[Standards] LAST CALL: XEP-0359 (Unique and Stable Stanza IDs)
georg at op-co.de
Tue Nov 13 17:29:44 UTC 2018
* Jonas Schäfer <jonas at wielicki.name> [2018-10-20 13:55]:
> 1. Is this specification needed to fill gaps in the XMPP protocol
> stack or to clarify an existing protocol?
Unfortunately yes, as we can't just retroactively make the stanza @id
field work reliably.
> 2. Does the specification solve the problem stated in the introduction
> and requirements?
> 3. Do you plan to implement this specification in your code? If not,
> why not?
> 4. Do you have any security concerns related to this specification?
§3 point 2 should probably be changed from
| Stanza ID generating entities, which encounter a <stanza-id/> element
| where the 'by' attribute matches the 'by' attribute they would otherwise
| set, MUST delete that element even if they are not adding their own
| stanza ID.
| Entities which receive a stanza with a <stanza-id/> element
| where the 'by' attribute matches the entiy's own JID, MUST delete that
| element even if they are not adding their own stanza ID.
Obviously this can only be supported by entities that understand the
XEP, but otherwise a server might just pass on malicious stanza-id
elements from a client or remote entity.
|| http://op-co.de ++ GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N ++
|| gpg: 0x962FD2DE || o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+ ||
|| Ge0rG: euIRCnet || X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y? ||
++ IRCnet OFTC OPN ||_________________________________________________||
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the Standards