On Thu, Oct 10, 2019 at 11:20 AM, JC Brand wrote:
Now you're saying "limitation", previously you said "restriction".
I use those words interchangeably in this context.
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standar
On Thu, Oct 10, 2019 at 10:59 AM, JC Brand wrote:
Well, to come back to Georg's point of not deprecating BOSH until we
have a
solution, it seems that XEP-0397 would need to be included in the
compliance
suite, at least for this particular use-case (maintaining anonymous
logins
over websocket)
On Thu, Oct 10, 2019 at 11:01:56AM +0300, Evgeny wrote:
> On Thu, Oct 10, 2019 at 10:52 AM, JC Brand wrote:
> > You're arguing against a point nobody made.
> >
> > Nobody advocated using BOSH to bypass restrictions in XEP-0198.
> > The issue Georg mentioned isn't due to anything in XEP-0198.
> >
On Thu, Oct 10, 2019 at 10:52 AM, JC Brand wrote:
You're arguing against a point nobody made.
Nobody advocated using BOSH to bypass restrictions in XEP-0198.
The issue Georg mentioned isn't due to anything in XEP-0198.
The issue is with the SASL anonymous login mechanism not allowing you
to
r
On Wed, Oct 09, 2019 at 09:13:59PM +0200, Jonas Schäfer wrote:
> On Mittwoch, 9. Oktober 2019 21:01:18 CEST JC Brand wrote:
> > On Wed, Oct 09, 2019 at 05:24:49PM +0200, Georg Lukas wrote:
> > > * Evgeny [2019-10-09 17:08]:
> > > > I would like to see BOSH dropped and moving the XEP to historical
On Wed, Oct 09, 2019 at 10:24:54PM +0300, Evgeny wrote:
> On Wed, Oct 9, 2019 at 10:20 PM, Evgeny wrote:
> > I still doubt this is anyhow more secure than session resumption in
> > XEP-0198 (which btw requires real re-authentication).
>
> Let me explain: using BOSH to bypass restriction of XEP-01
On Mittwoch, 9. Oktober 2019 20:48:15 CEST JC Brand wrote:
> On Wed, Oct 09, 2019 at 04:56:54PM +0200, Jonas Schäfer wrote:
> > - Should we really require both BOSH and WebSockets for the Web Suite for
> > clients? Maybe it makes more sense to require it both for Servers, but
> > only
> > one of th
On Wed, Oct 9, 2019 at 6:07 PM, Evgeny wrote:
supporting both XEP-0198 and BOSH makes no sense at all
I would also add that implementing both XEP-0198 and BOSH in the server
is not a trivial task at all. I would say both are very complex to
implement correctly and have tons of caveats. So by
On Wed, Oct 9, 2019 at 10:20 PM, Evgeny wrote:
I still doubt this is anyhow more secure than session resumption in
XEP-0198 (which btw requires real re-authentication).
Let me explain: using BOSH to bypass restriction of XEP-0198 (namely,
SASL re-authentication) doesn't justify usage of BOSH,
On Wed, Oct 9, 2019 at 10:11 PM, JC Brand wrote:
"Restoring" a session means simply making a new request within the
timeout
period. Whether the browser tab has been reloaded in the meantime is
irrelevant.
I still doubt this is anyhow more secure than session resumption in
XEP-0198 (which btw
On Mittwoch, 9. Oktober 2019 21:01:18 CEST JC Brand wrote:
> On Wed, Oct 09, 2019 at 05:24:49PM +0200, Georg Lukas wrote:
> > * Evgeny [2019-10-09 17:08]:
> > > I would like to see BOSH dropped and moving the XEP to historical or
> > > deprecated state, because I see zero advantages over Websocket
On Wed, Oct 09, 2019 at 06:32:12PM +0300, Evgeny wrote:
> On Wed, Oct 9, 2019 at 6:27 PM, Evgeny wrote:
> > According to such logic this "problem" should be resolved for plain TCP
> > c2s as well. Unless it's not solved we should not kill BOSH.
>
> Ah, and another question is raising: why actuall
On Wed, Oct 09, 2019 at 05:24:49PM +0200, Georg Lukas wrote:
> * Evgeny [2019-10-09 17:08]:
> > I would like to see BOSH dropped and moving the XEP to historical or
> > deprecated state, because I see zero advantages over Websockets now
> > (supporting both XEP-0198 and BOSH makes no sense at all)
On Wed, Oct 09, 2019 at 04:56:54PM +0200, Jonas Schäfer wrote:
> - Should we really require both BOSH and WebSockets for the Web Suite for
> clients? Maybe it makes more sense to require it both for Servers, but only
> one of them for clients, possibly even phasing out BOSH. (Disclaimer: I’m not
On Wed, Oct 9, 2019 at 6:27 PM, Evgeny wrote:
According to such logic this "problem" should be resolved for plain
TCP c2s as well. Unless it's not solved we should not kill BOSH.
Ah, and another question is raising: why actually BOSH allows you to
restore the session without re-authentication
On Wed, Oct 9, 2019 at 6:24 PM, Georg Lukas wrote:
Until this problem is solved, I'd rather not kill BOSH.
According to such logic this "problem" should be resolved for plain TCP
c2s as well. Unless it's not solved we should not kill BOSH.
___
Sta
* Evgeny [2019-10-09 17:08]:
> I would like to see BOSH dropped and moving the XEP to historical or
> deprecated state, because I see zero advantages over Websockets now
> (supporting both XEP-0198 and BOSH makes no sense at all).
there is still an open issue with WebSockets for anonymous session
On Wed, Oct 9, 2019 at 5:56 PM, Jonas Schäfer
wrote:
- Should we really require both BOSH and WebSockets for the Web Suite
for
clients? Maybe it makes more sense to require it both for Servers,
but only
one of them for clients, possibly even phasing out BOSH. (Disclaimer:
I’m not
a Web person
18 matches
Mail list logo