[Standards] LAST CALL: XEP-0423 (XMPP Compliance Suites 2020)
kevin.smith at isode.com
Wed Nov 6 15:03:57 UTC 2019
(And this time I’ll remember to thank Georg for taking this on. Thanks Georg)
> On 6 Nov 2019, at 13:43, Georg Lukas <georg at op-co.de> wrote:
> * Kevin Smith <kevin.smith at isode.com> [2019-11-06 12:24]:
>> I think the addition of ’66 is well-intentioned, but jabber:x:oob <jabber:x:oob> is underspecified (it defines a syntax, but semantics are missing).
> I agree, but nobody has written down the semantics yet, so there is no
> place to link to. On the other hand, this approach seems to be so widely
> used (despite me hating it), that it would be bad _not_ to tell
> developers about it at all.
I think it would be fine to drop a note in saying that ’66 isn’t required by the suite, but that it is sometimes used and worth looking at, or something.
>> I think 286 (LTE mobile) is worth a mention, but how would one be
>> compliant with it as a client or server?
> By having the author read 286 ;-)
I think a note to that effect is worthwhile.
>> I note that while requiring TLS is right, I suspect very few, if any,
>> implementations follow 7590 (and by extension 7525). It’s also
>> inconsistent to require 7590 (and 7525) in core, but direct TLS (which
>> 7525 would need) only in advanced.
> I read your remark as "7525 makes Direct TLS mandatory", which I can not
> see in the RFC. 7525 says that deployments SHOULD prefer "strict TLS"
> (which is not really defined) over "dynamic upgrade" if supported.
Strict may not be explicitly defined, but the dynamic that you need to prefer it over is defined to include STARTTLS. So I do read it as saying that you need to prefer direct TLS to STARTTLS where a protocol allows it (which we do these days).
This was, though, just a note and I’m not pushing for a text change.
>> My only note on this is that I think the introduction to “Future
>> Development” isn’t right - these are protocols that aren’t ready to be
>> required by the compliance suite, rather than not ready for production
> I've updated the text accordingly; a rendered version of your and other
> LC responses can be found at https://op-co.de/tmp/xep-0423.html
More information about the Standards