On 3/31/09 8:05 AM, Jonathan Schleifer wrote: > Am 31.03.2009 um 15:45 schrieb Peter Saint-Andre: > >> Typically our protocol documents don't specify user interface details >> like that. > > Hm, ok. But sometimes, it would make sense if a particular feature is > presented the same way to the user in every client. This looks more > consistent for the user if two users are using different clients.
Making some suggestions seems OK, but I wouldn't want to say that a client MUST do it that way. >>> • Security considerations: We specify width and height, but the client >>> MUST NOT rely on these, otherwise it can lead to security issues. >> >> Good point. > > Maybe a string like "The specified size should only be used as an > approximate to reserve display space where the thumbnail will be > displayed, like in the conversation, but it should NEVER be used as an > indicator how big the thumbnail really is." I think we already have text like this in XEP-0071 and we can borrow that. (Well, I see that XEP-0071 says only "these are hints only and cannot necessarily be relied upon in determining the size of the image" so that's not really states in security language.) Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
