On 14 Mar 2018 17:29, "Jonas Wielicki" <[email protected]> wrote:
The XEP Editor would like to Call for Experience with XEP-0092 before presenting it to the Council for advancing it to Final status. During the Call for Experience, please answer the following questions: 1. What software has XEP-0092 implemented? Please note that the protocol must be implemented in at least two separate codebases (at least one of which must be free or open-source software) in order to advance from Draft to Final. Openfire implements this, and qualifies as open-source software under the OSI definition. (I'm also aware that Prosody, ejabberd, Isode M-Link, and possibly ever extant server implements this). 2. Have developers experienced any problems with the protocol as defined in XEP-0092? If so, please describe the problems and, if possible, suggested solutions. The specification notes that revealing the Operating System might provide an attacker with useful information with which to carry out an attack. It does not, however, note the same is true of the XMPP software name and version. Since the version is not option, this means software cannot reveal the name without the version - however, it seems to me that the version could be left as an empty element, and newer clients could consider this as unspecified. In any case, noting that software names and versions are of potential interest to an attacker is, I think, worth noting in the Security Considerations. 3. Is the text of XEP-0092 clear and unambiguous? Are more examples needed? Is the conformance language (MAY/SHOULD/MUST) appropriate? Have developers found the text confusing at all? Please describe any suggestions you have for improving the text. All good. (Note mandatory version above). If you have any comments about advancing XEP-0092 from Draft to Final, please provide them by the close of business on 2018-03-28. After the Call for Experience, this XEP might undergo revisions to address feedback received, after which it will be presented to the XMPP Council for voting to a status of Final. You can review the specification here: https://xmpp.org/extensions/xep-0092.html Please send all feedback to the [email protected] discussion list. _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
