[Jabber-IETF] summarizing the issues

Marshall Rose mrose+internet.ietf.jabber at dbc.mtview.ca.us
Thu Oct 10 12:02:04 CDT 2002


folks - as we get closer to atlanta, i'd like to try to get the
discussion more focused. so, here's my summary, along with suggestions
on how to proceed.

whether you agree or disagree with my perspective, what i ask is this:
    
    rather than reply directly to this message, i ask that folks use one of
    the suggested subject lines below when replying in order to focus the
    discussion. thanks!

/mtr
				  #######
    
1. sasl in general

it seems to me that there are three questions:

    1a. does the sasl stuff in the xmpp spec actually work? [correctness]

    1b. does the sasl stuff in the xmpp spec provide the security we want?
        [completeness]
    
    1c. does the sasl stuff in the xmpp spec downgrade gracefully when
        talking with jabber? (i.e., if one side doesn't support sasl,
	then the connection stays up and the peers have a consistent
	view of the state of the connection.) [backwards-compatibility]

according to the draft charter, 1a & 1b are absolute requirements, and
1c is highly-desirable but not absolutely required.

after reviewing the specs, i think the answers are:

    1a: yes, cause the xmpp spec spells out all of the interaction cases
    that sasl may take.

    1b: yes, cause sasl is common practice in ietf application protocols,
    and the xmpp spec integrates with it cleanly (cf, 1a).
    
    1c: yes, cause the xmpp spec uses the time-honored jabber extensibility
    handshake. x

now, i don't recall seeing any messages that conflict with my answers to
these questions. 

if someone disagrees, then please send a message to the list with this subject:

    Subject: SASL issues

so we can resolve things.

    
2.sasl namespace
    
note that i didn't include the namespace "thread" in the list above
because, frankly, it's hard for me to get excited about it. however, i
think that the robert norris/joe hildebrand approach, e.g.,
    
   <stream:stream xmlns='jabber:client'
                   xmlns:stream='http://etherx.jabber.org/streams'
                   from='jabber.org' version='1.0'>
     <stream:capabilities>
       <mechanisms xmlns='http://www.iana.org/assignments/sasl-mechanisms'>
         <mechanism>DIGEST-MD5</mechanism>
         <mechanism>PLAIN</mechanism>
       </mechanisms>
       <starttls xmlns='http://blah'/>
     </stream:capabilities>
   </stream:stream>
    
shows a lot of promise.
    
could i ask that folks talking about the namespace issue send a message
to the list with this subject:
    
	Subject: SASL namespace
    
in particular, i'd be interested in hearing people's views on what
robert & joe are talking about, and whether there are better ways
of doing it.
    
    
3.internationalization/localization
    
it seems to me that if one were to make two small changes to the xmpp
specs, i.e.,
        
    3a. add the xml:lang attribute to <stream:stream/>
        
    3b. add the xml:lang attribute to <message/>

and then point out in the spec that these values are used in an advisory
role to the other side for localization purposes, then we're done.
    

if someone disagrees, then please send a message to the list with this subject:

    Subject: internationalization/localization

and explain your position.

				  #######    
    
thanks!
    
/mtr



More information about the xmppwg mailing list