On Jan 15, 2008 3:33 AM, Peter Saint-Andre <[EMAIL PROTECTED]> wrote: > I have updated the provisional version of XEP-0115 per recent list > discussion.
I have only a minor word-smithing niggle: The collision and preimage section is a bit unclear - for the first halfread I though the terms were reversed (it's not vulnerable to collision, but might be to preimage sounds peculiar because collision is semi-possible, while preimage isn't), but I think I've understood now. Perhaps it could say something like 'not vulnerable to semi-possible* existing collision techniques, but could be possible to pre-image attacks if such are developed in the future." (*I forget the term). It might help thickies like me reading the spec. The 'pre-image would need' section says that it would have to remove a feature, but adding a feature could be equally DoS (say you supported xhtml-im and so the client stopped sending a <body /> as a poor example). I'm much happier with the text now though, thanks Peter. /K
