Re: [Standards] XEP 297 xmlns and lang preservation in forwarding

Thu, 14 Aug 2014 16:06:34 -0700 

On Aug 14, 2014, at 3:18 PM, Dave Cridland <[email protected]> wrote:>> No 
other namespaces need to be copied; the only other one on the stream header 
would be dialback; all others are illegal.
> >
> >
> > In 6120, dialback is mentioned in the namespace in a "for instance" 
> > comment, implying it's not the only possible such namespace declaration 
> > that could be present in the stream element.  For instance, wouldn't it 
> > also be legal to declare the session management namespace (XEP 198) in the 
> > stream element.   And the more such for instances there are, the more 
> > likely practice will catch up to theory here.
> >
> 
> What about a client declaring a namespace whose presence indicates something 
> about its security? Are you allowing a receiver of a forwarded stanza to 
> fingerprint the originating client?
> 
> 

Isn't that kind of obvious in forwarding in general?   Even if not, XEP 297 
does say "Forwarding stanzas can reveal information about the original sender".

Or maybe you meant that my approach allows the receiver to fingerprint the 
entity which delivered the original stanza to the forwarding entity, which 
generally wouldn't be the originating entity.

If so, I point out out that this concern should not be new to my approach.  
Certainly the receiver could be various means using forwarding to gleam 
information about any number of entities which handled the original stanza or 
the forwarded stanza.

If the forwarder was particularly concerned, it should deep inspection to 
figure out which aspects of the stream where used in the stanza to be forwarded 
and only copy those needed...  and if an entity in the middle was concerned, it 
could use namespaces in a manner that they would not be available for reuse in 
stanzas they pass.  Namely, only declare the stream namespace in the stream 
header, and make it the default... and declare the content namepace as default 
in the stanza element.   And always put lang tags on elements one creates or 
relays.  Etc.

Maybe XEP 295 should also say:
        Forwarding stanzas can reveal information about entities which handled 
the original stanza (as well information about entities which handled the 
forwarded stanza).

-- Kurt

Reply via email to