[Standards] LAST CALL: XEP-0423 (XMPP Compliance Suites 2020)
kevin.smith at isode.com
Wed Nov 6 11:21:51 UTC 2019
> On 23 Oct 2019, at 16:07, Jonas Schäfer (XSF Editor) <jonas at wielicki.name> wrote:
> This message constitutes notice of a Last Call for comments on
> Title: XMPP Compliance Suites 2020
> This document defines XMPP application categories for different use
> cases (Core, Web, IM, and Mobile), and specifies the required XEPs
> that client and server software needs to implement for compliance with
> the use cases.
> URL: https://xmpp.org/extensions/xep-0423.html
> This Last Call begins today and shall end at the close of business on
> Please consider the following questions during this Last Call and send
> your feedback to the standards at xmpp.org discussion list:
> 1. Is this specification needed to fill gaps in the XMPP protocol
> stack or to clarify an existing protocol?
I don’t think the Compliance Suites are the right thing to be doing, but at the moment we don’t have anything better to address the ‘provide guidance to implementors’ need.
> 2. Does the specification solve the problem stated in the introduction
> and requirements?
I think the addition of ’66 is well-intentioned, but jabber:x:oob <jabber:x:oob> is underspecified (it defines a syntax, but semantics are missing).
I think 392 (consistent colours) is worth a mention, but not as a requirement at this stage.
I would rather see bookmarks2 as a requirement than 411, but don’t hugely care. What does a client need to do to implement 411 though?
I think 286 (LTE mobile) is worth a mention, but how would one be compliant with it as a client or server?
I note that while requiring TLS is right, I suspect very few, if any, implementations follow 7590 (and by extension 7525).
It’s also inconsistent to require 7590 (and 7525) in core, but direct TLS (which 7525 would need) only in advanced.
> 3. Do you plan to implement this specification in your code? If not,
> why not?
Not in the short term - I think the document is more useful as guidance than it is as a hard compliance test.
> 4. Do you have any security concerns related to this specification?
I think ’66’s security considerations are likely not adequate for the current Internet (particularly around privacy).
> 5. Is the specification accurate and clearly written?
Mostly. The ‘Changes since 2019’ section is very useful.
My only note on this is that I think the introduction to “Future Development” isn’t right - these are protocols that aren’t ready to be required by the compliance suite, rather than not ready for production use.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Standards