On 2009/07/27, at 16:15, Kurt Zeilenga wrote:
On Jul 27, 2009, at 3:19 AM, Pedro Melo wrote:
On 2009/07/23, at 23:29, XMPP Extensions Editor wrote:

In example 8, the 'to' attribute is misplaced, should be in the top
level <iq> stanza. Also present in example 9, maybe it should be a
from there?

No. The client is requesting its server return the catalog for
example.com. Moving the to= to the <iq> stanza would imply the
client is requesting example.com return its catalog.

One thing that's not clear in the XEP is the expectation that
clients are to generally ask their server for catalogs (even of
remote jids). This is done for a couple of reasons. One, it allows
their local server to translate the remote catalog into the local
policy. Second, it allows the local server to filter the remote
catalog based upon the requestor's clearance (the remote server is
unlikely to know what clearance the remote (to them) has). I'll
try to add some text here.

Is that wise? I mean I understand the reasons, but usually in XMPP we
don't let JID X provide authoritative information about JID Y to
prevent spoofing or MITM attacks.

I guess that in these environments, if you have a compromised server
you are already in a lot of trouble though...

Best regards,