On 3/10/24 9:18 AM, Daniel Gultsch wrote:
This message constitutes notice of a Last Call for comments on
XEP-0360.
Title: Nonzas (are not Stanzas)
Abstract:
This specification defines the term "Nonza", describing every top
level stream element that is not a Stanza.
URL: https://xmpp.org/extensions/xep-0360.html
This Last Call begins today and shall end at the close of business on
2024-03-25.
Please consider the following questions during this Last Call and send
your feedback to the [email protected] discussion list:
1. Is this specification needed to fill gaps in the XMPP protocol
stack or to clarify an existing protocol?
I think this spec does a good job of clarifying the use of top-level
elements other than message, iq, and presence.
2. Does the specification solve the problem stated in the introduction
and requirements?
Yes.
3. Do you plan to implement this specification in your code? If not,
why not?
N/A
4. Do you have any security concerns related to this specification?
Maybe. See below.
5. Is the specification accurate and clearly written?
In Section 4, I suggest a tweak to the following sentence:
OLD
Nonzas are commonly used when it is not necessary to route the exchanged
information behind the endpoints of an XMPP stream.
NEW
Nonzas are commonly used to exchange information between, but not
beyond, the endpoints of an XMPP stream (e.g., between a client and its
server).
In Section 5, business rule #2 states:
"Nonzas SHOULD NOT have a 'from' or 'to' attribute."
I have a few questions:
- When is it sensible to make an exception to this SHOULD NOT?
- How should the 'from' and especially 'to' attributes be handled in the
light of RFC 6120 §4.7?
- Could the use of these attributes introduce security issues?
- Would it be better to say MUST NOT here?
Peter
_______________________________________________
Standards mailing list -- [email protected]
To unsubscribe send an email to [email protected]
