On Mittwoch, 9. Oktober 2019 20:48:15 CEST JC Brand wrote:
> On Wed, Oct 09, 2019 at 04:56:54PM +0200, Jonas Schäfer wrote:
> > - Should we really require both BOSH and WebSockets for the Web Suite for
> > clients? Maybe it makes more sense to require it both for Servers, but
> > only
> > one of
On Wed, Oct 9, 2019 at 6:07 PM, Evgeny wrote:
supporting both XEP-0198 and BOSH makes no sense at all
I would also add that implementing both XEP-0198 and BOSH in the server
is not a trivial task at all. I would say both are very complex to
implement correctly and have tons of caveats. So
On Wed, Oct 9, 2019 at 10:20 PM, Evgeny wrote:
I still doubt this is anyhow more secure than session resumption in
XEP-0198 (which btw requires real re-authentication).
Let me explain: using BOSH to bypass restriction of XEP-0198 (namely,
SASL re-authentication) doesn't justify usage of
On Wed, Oct 9, 2019 at 10:11 PM, JC Brand wrote:
"Restoring" a session means simply making a new request within the
timeout
period. Whether the browser tab has been reloaded in the meantime is
irrelevant.
I still doubt this is anyhow more secure than session resumption in
XEP-0198 (which
On Mittwoch, 9. Oktober 2019 21:01:18 CEST JC Brand wrote:
> On Wed, Oct 09, 2019 at 05:24:49PM +0200, Georg Lukas wrote:
> > * Evgeny [2019-10-09 17:08]:
> > > I would like to see BOSH dropped and moving the XEP to historical or
> > > deprecated state, because I see zero advantages over
On Wed, Oct 09, 2019 at 06:32:12PM +0300, Evgeny wrote:
> On Wed, Oct 9, 2019 at 6:27 PM, Evgeny wrote:
> > According to such logic this "problem" should be resolved for plain TCP
> > c2s as well. Unless it's not solved we should not kill BOSH.
>
> Ah, and another question is raising: why
On Wed, Oct 09, 2019 at 05:24:49PM +0200, Georg Lukas wrote:
> * Evgeny [2019-10-09 17:08]:
> > I would like to see BOSH dropped and moving the XEP to historical or
> > deprecated state, because I see zero advantages over Websockets now
> > (supporting both XEP-0198 and BOSH makes no sense at
On Wed, Oct 09, 2019 at 04:56:54PM +0200, Jonas Schäfer wrote:
> - Should we really require both BOSH and WebSockets for the Web Suite for
> clients? Maybe it makes more sense to require it both for Servers, but only
> one of them for clients, possibly even phasing out BOSH. (Disclaimer: I’m not
On Wed, Oct 9, 2019 at 6:27 PM, Evgeny wrote:
According to such logic this "problem" should be resolved for plain
TCP c2s as well. Unless it's not solved we should not kill BOSH.
Ah, and another question is raising: why actually BOSH allows you to
restore the session without
On Wed, Oct 9, 2019 at 6:24 PM, Georg Lukas wrote:
Until this problem is solved, I'd rather not kill BOSH.
According to such logic this "problem" should be resolved for plain TCP
c2s as well. Unless it's not solved we should not kill BOSH.
___
* Evgeny [2019-10-09 17:08]:
> I would like to see BOSH dropped and moving the XEP to historical or
> deprecated state, because I see zero advantages over Websockets now
> (supporting both XEP-0198 and BOSH makes no sense at all).
there is still an open issue with WebSockets for anonymous
On Wed, Oct 9, 2019 at 5:56 PM, Jonas Schäfer
wrote:
- Should we really require both BOSH and WebSockets for the Web Suite
for
clients? Maybe it makes more sense to require it both for Servers,
but only
one of them for clients, possibly even phasing out BOSH. (Disclaimer:
I’m not
a Web
Hi list,
Here’s my promised feedback to the CS 2020, specifically to the selection of
XEPs and their "levels".
- Should we really require both BOSH and WebSockets for the Web Suite for
clients? Maybe it makes more sense to require it both for Servers, but only
one of them for clients,
13 matches
Mail list logo
