[Standards] LAST CALL: XEP-0359 (Unique and Stable Stanza IDs)

Georg Lukas georg at op-co.de
Wed Nov 14 18:47:27 UTC 2018

* Holger Weiß <holger at zedat.fu-berlin.de> [2018-11-14 13:16]:
> So this isn't just about wording but about semantics?  I.e., you want
> the XEP to mandate the server to strip all stanza IDs with by=$JID,
> where $JID is any user or server JID the server feels responsible for?
> In that case we'd disagree.  The XEP should only mandate stripping of
> stanzas for those JIDs on which the server announces XEP-0359 support,
> which is what the current wording is trying to do.  Any other JIDs are
> out of scope.

I think that yes, the server should strip fake stanza IDs with all JIDs
that the server is responsible for, and yes, it should announce support
for 0359 on all these JIDs to make that discoverable.

The semantic change I want to achieve is that this rule is not only
enforced by entities that are supposed to add a stanza ID, but by all
entities that understand the protocol.

> Yes, as I quoted above, that's what §3 point 7 argues.  I just think the
> term "entity" is quite ambigous and it's important to be precise in
> security-relevant spec clauses such as this one.

Yes, I agree. A better wording would probably include expliit mention of
terms like "bare JID", but also have a sentence about an account being
typically a thing hosted on the server.

|| http://op-co.de ++  GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N  ++
|| gpg: 0x962FD2DE ||  o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+  ||
|| Ge0rG: euIRCnet ||  X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y?   ||
++ IRCnet OFTC OPN ||_________________________________________________||
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20181114/05070afe/attachment.sig>

More information about the Standards mailing list