On 1/26/12 9:18 AM, Peter Saint-Andre wrote: > On 1/26/12 4:53 AM, Ben Langfeld wrote: >> Gentlemen, >> >> I believe I have found a minor bug in XEP-0166, as follows: >> >> 1) An example states that a <security-required/> error element be >> included in a response, qualified by the urn:xmpp:jingle:errors:1 >> namespace: >> http://gitorious.org/xmpp/xmpp/blobs/master/extensions/xep-0166.xml#line1399 >> 2) The table of error conditions does not include >> <security-required/>: >> http://gitorious.org/xmpp/xmpp/blobs/master/extensions/xep-0166.xml#line1415 >> 3) The schema does not include <security-required/>: >> http://gitorious.org/xmpp/xmpp/blobs/master/extensions/xep-0166.xml#line1724 >> >> I am unsure if it is the schema or the example which is correct. If >> someone can nudge me in the right direction, I can get a patch >> submitted today. > > Thanks for the bug report. I think that was an oversight in the table > and schema, but I'll double-check and post again.
Now I'm not so sure. Let's look at the paragraph before that example: If one of the parties attempts to send information over the unsecured XMPP signalling channel that the other party expects to receive over the encrypted data channel... That's kind of a strange scenario. You and I have set up an encrypted data channel, but I try to send data to you over the signalling channel that you would have expected me to send to you over the data channel. Perhaps we were thinking of XTLS at the time, but even that spec [1] does not use the <security-required/> error. So I now think that this is extraneous text that needs to be removed. I'll forward this message to the [email protected] list for verification. Peter [1] http://tools.ietf.org/html/draft-meyer-xmpp-e2e-encryption-02
