Re: [Standards] XEP-0138: security considerations
Hi Peter,

At 16:18 08-04-2014, Peter Saint-Andre wrote:

Before we released the security note about application-layer compression last week [1] (which now seems to have been overshadowed by the heartbleed bug in OpenSSL), I started to work on some updates to XEP-0138. Here is my proposed text for the Security Considerations section:

When I read the advisory I was reminded of an old issue which caused a similar Denial of Service attack. I wondered why we did not learn anything from the past.

Anyway, some of the suggested guidelines are to leave it to the administrator to turn on compression and setting defaults to avoid high resource consumption. Shouldn't that be addressed at the TLS level as it provides the functionality, with a relevant pointer in XEP-0138 so that the warning is not overlooked?

Regards,
-sm
Re: [Standards] Discussion venue Re: e2e privacy for XMPP Re: RFC 3923 (e2e with S/MIME) and OpenPGP
At 05:27 20-11-2013, Carlo v. Loesch wrote:

So you mean Tor is interoperable, although just with itself? Probably true.

Tor is free software and an open network. The question is not clear enough to tell whether it can be considered as interoperable.

Getting back to the topic in the subject line, the question is what are the properties of, for example, Tor and how does it relate to the topic.

Regards,
-sm
[Standards] XMPP Standards Foundation and XEP-0001
Hello,

According to XEP-0001:

The XMPP Standards Foundation (XSF) adheres to an open standards process

I browsed through the www.xmpp.org web site. I found some meeting minutes at http://xmpp.org/about-xmpp/xsf/meeting-minutes/ The minutes for the past year are basically voting results.

Is XSF still operational and if so, is there any requirement for it to operate in a transparent manner?

Regards,
-sm
Re: [Standards] XMPP Standards Foundation and XEP-0001
Hi Ralph,

Thanks for the quick and substantive reply.

At 08:11 21-09-2013, Ralph Meijer wrote:

Finally, there is the Board, which takes care of the organizational stuff regarding the Foundation: finance, planning summits, managing voting, and steering our 'teams'. Board meetings are open, and take place in xmpp:x...@muc.xmpp.org, just like member meetings, and also logged. Most of the XSF discussion happens on the members mailing list.

The member meetings would be regular meetings as stated in Section 5.3 of the XSF by-laws.

I do notice that our website doesn't clearly show where the XSF MUC room archives are. That's something we should address.

Ok. I looked up the Financial summary ( http://xmpp.org/about-xmpp/xsf/xsf-financial-summary/ ). It was last updated in 2008. In my humble opinion providing raw logs is not welcoming for anyone who would like to gain an understanding of what the XSF Board does. I do understand that it is paperwork and it may not seem relevant to the development of XMPP standards. However, the world out there tends to give undue attention to paperwork. Having 501(c)(3) status is not inviting when there aren't timely publicly accessible reports.

On an unrelated note, I was puzzled when I could not find any comment from the XSF Board about a matter which is directly related to the primary mission in light of current events (see http://www.ietf.org/mail-archive/web/ietf/current/msg82679.html ).

Regards,
-sm