[Standards] LAST CALL: XEP-0359 (Unique and Stable Stanza IDs)
flo at geekplace.eu
Sun Nov 25 22:43:38 UTC 2018
On 14.11.18 13:16, Holger Weiß wrote:
> * Georg Lukas <georg at op-co.de> [2018-11-14 12:47]:
>> * Holger Weiß <holger at zedat.fu-berlin.de> [2018-11-14 10:41]:
>>> * Georg Lukas <georg at op-co.de> [2018-11-13 18:29]:
>>>> §3 point 2 should probably be changed from
>>>> | Stanza ID generating entities, which encounter a <stanza-id/> element
>>>> | where the 'by' attribute matches the 'by' attribute they would otherwise
>>>> | set, MUST delete that element even if they are not adding their own
>>>> | stanza ID.
>>>> | Entities which receive a stanza with a <stanza-id/> element
>>>> | where the 'by' attribute matches the entiy's own JID, MUST delete that
>>>> | element even if they are not adding their own stanza ID.
>>> I guess the former wording was chosen deliberately to avoid the
>>> ambiguity about who exactly the "entities wich receive a stanza" might
>>> be. §3, point 7 says: "For one-on-one messages the assigning entity is
>>> the account. In groupchats the assigning entity is the room." With
>>> your wording, readers might assume the entity is the server itself.
>> Maybe then the wording needts to be "where the 'by' attribute matches a
>> JID that the entity is responsible for"? I just want to prevent somebody
>> injecting stanzas into my administrative domain with one of my JIDs.
> So this isn't just about wording but about semantics? I.e., you want
> the XEP to mandate the server to strip all stanza IDs with by=$JID,
> where $JID is any user or server JID the server feels responsible for?
> In that case we'd disagree. The XEP should only mandate stripping of
> stanzas for those JIDs on which the server announces XEP-0359 support,
> which is what the current wording is trying to do. Any other JIDs are
> out of scope.
I'd like to hear more about the reasons for your disagreement. I am not
entirely sure if participants in this discussion always talked about the
exact same thing. Maybe a concrete example would help:
Server 'example.org' receives stanza from 'foo.org' with a <stanza-id
by='user at example.org' id='…'>
Should the 'example.org' server sanitize this <stanza-id/> or not? Which
JIDs exactly do you think are out of scope? Could you give an example?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 618 bytes
Desc: OpenPGP digital signature
More information about the Standards