Hi, Peter, On Mon, Apr 20, 2015 at 4:09 PM, Peter Saint-Andre - &yet <[email protected]> wrote:
> Hi Spencer, thanks for the review. Comments inline. > > > On 4/20/15 2:23 PM, Spencer Dawkins wrote: > >> Spencer Dawkins has entered the following ballot position for >> draft-ietf-uta-xmpp-06: Yes >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> http://datatracker.ietf.org/doc/draft-ietf-uta-xmpp/ >> >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> This is important work. Thank you for doing it. >> >> I have a couple of points where I wasn't clear on the text, but they're >> nits. >> >> I'm not quite sure what this text: >> >> 3.3. Session Resumption >> >> In XMPP, TLS session resumption can be used in concert with the XMPP >> Stream Management extension; see [XEP-0198] for further details. >> >> means in a major section called "Recommendations". Good idea? Bad idea? >> Doesn't matter? It depends? >> >> I could read "can be used" as saying "it's physically possible", or "it's >> OK", so I thought I should ask. I'm fine with you not saying anything >> normative, but it seems like a thumbs up/down/sideways would be helpful, >> at a minimum. >> > > Yes, that section is a bit terse, isn't it? :-) > In general, the stream management extension (XEP-0198) is a Good Thing > because it enables a client to know if its server did or did not handle the > stanzas it has sent. In particular with regard to session resumption, if an > XMPP session dies for some reason (e.g., spotty connectivity), XEP-0198 > enables the client to resume the XMPP session and resend any stanzas that > were not successfully received over the original stream. Because these > features have significantly improved the reliability of stanza delivery on > the XMPP network, it's quite helpful for clients and servers to implement > XEP-0198. In addition, XEP-0198 recommends the use of TLS session > resumption to further speed this process, so the recommendation really goes > in the direction of XEP-0198 to RFC 5077 and I don't know if it's > appropriate for this document to say "you should implement XEP-0198". > > We might do something like this: > > OLD > In XMPP, TLS session resumption can be used in concert with the XMPP > Stream Management extension; see [XEP-0198] for further details. > > NEW > To improve the reliability of communications over XMPP, it is common > practice for clients and servers to implement the stream management > extension [XEP-0198]. Although that specification includes a method > for resumption of XMPP streams at the application layer, also using > session resumption at the TLS layer further optimizes the process of > session resumption. See [XEP-0198] for detailed information. > Whether or not XEP-0198 is used for application-layer session > resumption, implementations MUST follow the recommendations provided > in [I-D.ietf-uta-tls-bcp] regarding TLS-layer session resumption. That seems really helpful. Thank you for the untersification! Spencer > > In this text: >> >> 5. Security Considerations >> >> The use of TLS can help limit the information available for >> correlation to the network and transport layer headers as opposed to >> the application layer. >> >> I'm guessing what "as opposed to" means. Is this saying >> >> The use of TLS can help limit the information available for >> correlation between the network and transport layer headers >> and the application layer. >> > > Yes, that is clearer. > > Peter > > -- > Peter Saint-Andre > https://andyet.com/ >
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
