On Sunday 08 June 2008 11:57 am, Dirk Meyer wrote:
> Justin Karneges wrote:
> > Treated as a stream, we cannot enforce that a particular TLS packet
> > contains an entire XML document. A single TLS packet might contain
> > many messages, and one message might be split across many TLS
> > packets.
> >
> > Better that we change the stream to work like this:
> >
> > [ immediate TLS handshake ]
> > <some_root_element>
> > <message/>
> > <message/>
> > <message/>
> > </some_root_element>
>
> If you want that only to re-use your parser, it is an implementation
> problem. To re-use a parser just feed <some_root_element> to your
> parser manually. If you are doing it because it matches the XMPP style
> with one large XML document we should go for <stream>. I'm happy with
> both, but we should NOT wait for the <stream> from the peer because it
> would add an extra roundtrip.
It's true, you could just feed a fake root element to the parser manually. It would feel somewhat hackish to me if that was the suggested approach to parsing XTLS content though. So yeah, for consistency with XMPP, let's go with <stream> as the root element:

  <stream:stream xmlns='jabber:client'
                 xmlns:stream='http://etherx.jabber.org/streams'
                 from='[EMAIL PROTECTED]' to='[EMAIL PROTECTED]'>

The default namespace is nice, since we needed to qualify the <message/> stanzas anyway. The 'to' and 'from' are a tad superfluous, but maybe we should consider them for consistency with XEP-174 (Link Local)? Same for putting to/from on the message stanzas. We would leave out the version='1.0' flag though, since there is no stream:features step.

Additionally, we would note in XTLS that there is no need to wait for the <stream> response from the receiving entity in order to send messages. This would alleviate the need for a round trip. So after TLS negotiation completes, you could immediately send this:

  <stream:stream xmlns='jabber:client'
                 xmlns:stream='http://etherx.jabber.org/streams'
                 from='[EMAIL PROTECTED]' to='[EMAIL PROTECTED]'>
  <message from='[EMAIL PROTECTED]' to='[EMAIL PROTECTED]'>
    <body>M'lady, I would be pleased to make your acquaintance.</body>
  </message>

I also think it would be worth having a note about proper stream closure. It may be comforting to know if the peer has intentionally ended an XTLS session, to distinguish from a network problem or attack.

-Justin
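The framing discussed in this thread (a <stream:stream> root sent immediately after the TLS handshake, stanzas that do not line up with TLS record boundaries, and an explicit close that distinguishes an orderly end from a dropped connection) is shown below as an added example. It is not code from the thread, from XEP-174, or from any XMPP library; it uses Python's expat binding to parse incrementally. The JIDs, message bodies and the byte offsets at which the sample is cut into "records" are constructed for illustration; the two namespace URIs are the ones quoted in the message above.

```python
"""Reader/writer for an XTLS-style XML stream (added example, not from the
thread or any XMPP library).  It shows why the receiver must parse the stream
incrementally rather than per TLS record, and how an orderly </stream:stream>
is told apart from a transport that simply dropped.  JIDs, bodies and record
boundaries below are constructed for illustration."""
import xml.parsers.expat
from xml.sax.saxutils import escape, quoteattr

STREAM_NS = "http://etherx.jabber.org/streams"
CLIENT_NS = "jabber:client"
STREAM_CLOSE = "</stream:stream>"


class XtlsStreamReader:
    """Feed raw bytes as they arrive; completed depth-1 stanzas are collected.

    A stanza may span several feed() calls and one feed() may finish several
    stanzas, because a TLS record boundary is not a message boundary.
    """

    def __init__(self):
        p = xml.parsers.expat.ParserCreate(namespace_separator=" ")
        p.StartElementHandler = self._start
        p.EndElementHandler = self._end
        p.CharacterDataHandler = self._chars
        self._parser = p
        self._depth = 0
        self._stack = []          # open elements inside the current stanza
        self.stream_attrs = None  # attributes of the <stream:stream> root
        self.stanzas = []         # completed stanzas as nested dicts
        self.closed = False       # set once </stream:stream> has been parsed

    def _start(self, name, attrs):
        if self._depth == 0:
            if name != f"{STREAM_NS} stream":
                raise ValueError(f"unexpected root element {name!r}")
            self.stream_attrs = dict(attrs)
        else:
            elem = {"name": name, "attrs": dict(attrs), "text": "", "children": []}
            if self._stack:
                self._stack[-1]["children"].append(elem)
            self._stack.append(elem)
        self._depth += 1

    def _chars(self, data):
        if self._stack:
            self._stack[-1]["text"] += data

    def _end(self, name):
        self._depth -= 1
        if self._depth == 0:
            self.closed = True              # orderly end of the stream
            return
        elem = self._stack.pop()
        if self._depth == 1:
            self.stanzas.append(elem)       # a top-level stanza is complete

    def feed(self, record):
        """Parse one received chunk; return how many stanzas it completed."""
        before = len(self.stanzas)
        self._parser.Parse(record, False)   # expat buffers partial tokens
        return len(self.stanzas) - before

    def finish(self):
        """Call when the transport ends: 'closed' if the peer sent
        </stream:stream>, 'aborted' if the connection ended without it."""
        return "closed" if self.closed else "aborted"


def build_stream(from_jid, to_jid, bodies):
    """Bytes an initiator can send right after the TLS handshake, without
    waiting for the peer's own <stream:stream>: header, stanzas, closer."""
    header = (f"<stream:stream xmlns={quoteattr(CLIENT_NS)} "
              f"xmlns:stream={quoteattr(STREAM_NS)} "
              f"from={quoteattr(from_jid)} to={quoteattr(to_jid)}>")
    msgs = "".join(f"<message from={quoteattr(from_jid)} to={quoteattr(to_jid)}>"
                   f"<body>{escape(b)}</body></message>" for b in bodies)
    return (header + msgs + STREAM_CLOSE).encode("utf-8")


def split_records(data, sizes):
    """Cut a byte string at the constructed boundaries in `sizes`, the way TLS
    records would, so that stanzas straddle chunks."""
    out, pos = [], 0
    for n in sizes:
        out.append(data[pos:pos + n])
        pos += n
    out.append(data[pos:])
    return [r for r in out if r]


def read_stream(records):
    """Feed each record in turn; return (stanzas, per-record counts, status)."""
    reader = XtlsStreamReader()
    counts = [reader.feed(r) for r in records]
    return reader.stanzas, counts, reader.finish()


# Constructed sample: three messages, cut mid-header, mid-tag and mid-text,
# with the stream closer kept as its own final record.
SAMPLE = build_stream("alice@example.org", "bob@example.org",
                      ["M'lady, I would be pleased to make your acquaintance.",
                       "Second message", "Third & last"])
_CLOSER = STREAM_CLOSE.encode("utf-8")
SAMPLE_RECORDS = split_records(SAMPLE[:-len(_CLOSER)], [60, 120, 90, 40]) + [_CLOSER]

if __name__ == "__main__":
    stanzas, counts, status = read_stream(SAMPLE_RECORDS)
    print(counts, status)
    for s in stanzas:
        print(s["name"], "->", s["children"][0]["text"])
    # Drop the closer to simulate a connection that died without </stream:stream>.
    print(read_stream(SAMPLE_RECORDS[:-1])[2])
```

Running the module prints one stanza count per record (several records complete no stanza at all, one completes two) and then "closed"; feeding the same records without the final closer still delivers all three messages but reports "aborted", which is the signal the closure note in the message above would give an implementation.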
