I was implementing XEP-50 and was dumbfounded to find the protocol is stateful. That is, the protocol requires a server to maintain state, potentially of significant size, of each in-progress command. I think a stateless protocol design would be more appropriate, such as one where the server provides state data in non-final command responses that the client is required to return in subsequent requests.

If the design remains stateful, I recommend a security consideration be added cautioning server developers of the possibility that state management requirements of 'ad hoc' commands might be used to mount denial of service attacks against the server. One simple way to avoid such DoS attacks is to limit the number of concurrent commands a client (and/or user) can execute, and to limit the size of state held for each client (and/or user).

-- Kurt
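
The mitigation suggested in the message above (a cap on concurrent commands per user plus a cap on the state held for that user), sketched as an added example that is not part of the original message or of any XMPP server's code. The class name, method names and both limit values are assumptions chosen for illustration.

```python
# Added illustration: names and limits are assumptions, not taken from the XEP.
import json
import secrets

MAX_SESSIONS_PER_USER = 3        # assumed cap on concurrent in-progress commands
MAX_STATE_BYTES_PER_USER = 4096  # assumed cap on total state held per user


class LimitExceeded(Exception):
    """Raised when a request would push a user past a configured limit."""


class CommandSessionStore:
    def __init__(self):
        self._sessions = {}  # user (bare JID) -> {sessionid: serialized state}

    def _used(self, user, skip=None):
        held = self._sessions.get(user, {})
        return sum(len(v) for k, v in held.items() if k != skip)

    def start(self, user, state):
        """Open a command session; both limits are checked before storing."""
        blob = json.dumps(state).encode()
        if len(self._sessions.get(user, {})) >= MAX_SESSIONS_PER_USER:
            raise LimitExceeded("too many concurrent commands")
        if self._used(user) + len(blob) > MAX_STATE_BYTES_PER_USER:
            raise LimitExceeded("state budget exhausted")
        sid = secrets.token_hex(16)
        self._sessions.setdefault(user, {})[sid] = blob
        return sid

    def update(self, user, sid, state):
        """Replace state at a later stage; a rejected update keeps the old state."""
        if sid not in self._sessions.get(user, {}):
            raise KeyError("unknown session for this user")
        blob = json.dumps(state).encode()
        if self._used(user, skip=sid) + len(blob) > MAX_STATE_BYTES_PER_USER:
            raise LimitExceeded("state budget exhausted")
        self._sessions[user][sid] = blob

    def finish(self, user, sid):
        """Completing or cancelling a command releases its slot and bytes."""
        held = self._sessions.get(user, {})
        held.pop(sid, None)
        if not held:
            self._sessions.pop(user, None)

    def count(self, user):
        return len(self._sessions.get(user, {}))
```

Keying the limits on the bare JID rather than the full JID means a user cannot multiply the budget by opening additional resources.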
