On 1/18/02 4:47 AM, "Daniel Veillard" <[EMAIL PROTECTED]> wrote:
>> Which standards are you talking about ? If you think of the correct >> processing of xml namespaces i'm +1 on this one. > > There is also a large amount of undescribed issues going further than > the XML Namespace specification but lying at the core of XML: > - what happen with commnets in the XML streams > - ditto with PI (processing instructions) > - what about the recommended encodings, is UTF-8 mandatory > - what about empty tags serialization from an XML point of view > <hash/> is equivalent to <hash></hash> > - reserved namespace names, seems jabber reserves those > starting with "jabber:", however this is unclear what would > happen in case of unrecognized namespace. Note also that > "http://jabber.org/"; based namespace name would probably > have been better from a legal point of view... > > What I would like to avoid is a reference implementation setting up > the "standard" [*] . What I would like to see as much as possible is a > written description of the part from the underlying spec (XML XMLNs, etc...) > where there is an expected deviation in behaviour during processing. Excellent. I've been harping on this for a while. > I would like to see a freeze in features allowing to write those down > as much as possible, and move the parts which are actaully implemented > and in use from the draft section move into the "standard" section. This is part of the standards process in the foundation however I agree that its being given short shrift. I was arguing for rigorous standardization of the existing Jabber protocols before doing anything else but was convinced that things need changing (jabber next generation). So from what I understand, we're going to be creating the next generation protocols then documenting... I'd be interested in discussing it further though. > If you are really in dire need of ideas to code, I would like to > see how server SSL certificate checking like in https could be done from > the client. It would be great too if the SSL server would react better if > the SSL certificate is not present or readable (it simply don't answer > the client requests without dropping the connexion), and if there was > an official way to bin all interfaces (ACCEPT *) to the SSL port with a single > certificate (something like <ssl port='5223'/> in pthcsock and > <ssl> <key ip='*'>/etc/sysconfig/jabber/jabberkey.pem</key> </ssl> > in the io section). It's just a few things I had to fight with in the > last days. You should jump into the security jig at foundation.jabber.org. We're just now starting to look at these things. -iain _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
