-------- Original Message -------- Date: Tue, 15 Jul 2008 06:28:05 -0600 From: Peter Saint-Andre <[EMAIL PROTECTED]> To: Brendan Taylor <[EMAIL PROTECTED]>Subject: Re: Namespace well-formedness and RFC3920bis backwards compatibility
Brendan Taylor wrote:
RFC 3920bis-06 says:
A XMPP entity MUST NOT accept XML data from another entity if that
data is not well-formed in accordance with both the definition of
"well-formed" in Section 2.1 of [XML] and the definition of
"namespace-well-formed" in Section 7 of [XML-NAMES].
In an XMPP entity receives XML data that is not so well-formed, it
MUST return an <xml-not-well-formed/> stream error and close the
stream over which the data was sent.
The namespace-well-formedness constraint wasn't explicit in the original
RFC (Appendix F suggests it was intended but overlooked).
Clients can't adopt the constraint until servers do. (because otherwise
if an attacker sends you a namespace-ill-formed stanza, the server will
pass it on and your client will be forced to disconnect when it receives
it).
Agreed.
Ejabberd happily accepts namespace-ill-formed stanzas, I don't know about other servers.
That's a bug and I thought it was corrected in version 2.x.
I agree with the updated section; XMPP should move away from the ad-hoc namespace handling that's been the norm. If that constraint isn't there then a client can't use a namespace-aware XML parser.
Right. What we do is tighten up the spec but say that (because it was underspecified previously) older software may not comply. We have similar text in several other places.
Also, "In an XMPP entity" should be "If an XMPP entity". :)
Fixed. I haven't completed a detailed proofreading yet, that will happen during my work on version -07. I'll put out a call for widespread feedback here soon so we can get these specs done. I for one am ready to move on with my life. :) Peter
smime.p7s
Description: S/MIME Cryptographic Signature
