On Wed Mar 2 12:00:42 2011, Gregg Vanderheiden wrote:
Why real-time text is important
Real-Time text is an important medium
Well, that answers that question, then. :-)
Looking at this protocol and referring back to the SIMPLE discussion
that have been on-going for around 6 years, now, I note that:
1) Real-time conversations are, with this design, incompatible with
existing conversations. This strikes me as ill-advised.
2) Assuming that compatibility isn't required, it's not clear to me
why this is preferable to RFC 4103 negotiated over Jingle.
3) Finally, I note that the security model of XMPP is message based.
I have no idea what interesting security issues may arise from this,
but for some examples:
a) The current requirements on archival/retention are generally WRT
legal issues - one has to wonder whether a message could be crafted
such that it appeared to discuss one thing, but in fact that text was
instantly deleted, leaving a perfectly innocuous message in its
place. Note that the recommendation in §6 suggests that only <body/>
or <html/> should be logged, which is generally going to be
considered illegal, and opens up a whole new set of subterfuge,
allowing as it does for <rtt/> to be used as a back-channel.
b) For TTY/T.140 etc, it seems possible to have a system emulate
login screens and other such things. I note that Dean Willis raised
this one almost three years ago.
c) The implications on secure messaging systems, whether this
involves XEP-0258, signing, or encryption, are not discussed in this
XEP. I suspect this could be quite some discussion.
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
