* Jonas Schäfer <[email protected]> [2018-10-20 13:55]: > 1. Is this specification needed to fill gaps in the XMPP protocol > stack or to clarify an existing protocol?
Unfortunately yes, as we can't just retroactively make the stanza @id field work reliably. > 2. Does the specification solve the problem stated in the introduction > and requirements? Yes. > 3. Do you plan to implement this specification in your code? If not, > why not? Yes. > 4. Do you have any security concerns related to this specification? §3 point 2 should probably be changed from | Stanza ID generating entities, which encounter a <stanza-id/> element | where the 'by' attribute matches the 'by' attribute they would otherwise | set, MUST delete that element even if they are not adding their own | stanza ID. to | Entities which receive a stanza with a <stanza-id/> element | where the 'by' attribute matches the entiy's own JID, MUST delete that | element even if they are not adding their own stanza ID. Obviously this can only be supported by entities that understand the XEP, but otherwise a server might just pass on malicious stanza-id elements from a client or remote entity. Georg -- || http://op-co.de ++ GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N ++ || gpg: 0x962FD2DE || o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+ || || Ge0rG: euIRCnet || X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y? || ++ IRCnet OFTC OPN ||_________________________________________________||
signature.asc
Description: PGP signature
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
