[Standards] Feedback to Compliance Suites 2020

JC Brand lists at opkode.com
Thu Oct 10 08:20:57 UTC 2019


On Thu, Oct 10, 2019 at 11:01:56AM +0300, Evgeny wrote:
> On Thu, Oct 10, 2019 at 10:52 AM, JC Brand <lists at opkode.com> wrote:
> > You're arguing against a point nobody made.
> > 
> > Nobody advocated using BOSH to bypass restrictions in XEP-0198.
> > The issue Georg mentioned isn't due to anything in XEP-0198.
> > 
> > The issue is with the SASL anonymous login mechanism not allowing you to
> > reconnect with the same JID, which happens **before** trying to resume a
> > XEP-0198 session.
> 
> The issue is *exactly* due to limitation in XEP-0198 that you're trying to
> bypass with BOSH: since XEP-0198 doesn't allow you to resume a session
> without re-authentication (and with SASL ANONYMOUS you cannot
> re-authenticate with the same JID), you resort to use BOSH to bypass this
> restriction, since it's *implicitly* using session identifiers as
> authentication tokens.

Now you're saying "limitation", previously you said "restriction".

I agree that XEP-0198 is limited in the sense that it doesn't concern itself
with authentication and that this problem occurs at the authentication level.

Seems like XEP-0397 solves it though.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20191010/5d0fc497/attachment-0001.sig>


More information about the Standards mailing list