Re: [Standards] 'from' address on roster push

2007-07-05 Thread Peter Saint-Andre
Tomasz Sterna wrote:
> On 05-07-2007, Thu at 16:31 -0600, Peter Saint-Andre wrote:
>> Now, a 'from' address of the full JID seems odd to me. What if I send
>> an IQ-set from one of my resources to another? Does that mean I can do
>> roster pushes directly from one resource to another without updating
>> the roster on the server? 
> 
> It would come from other [EMAIL PROTECTED]/resource that the connection is
> bound and should be ignored.

SHOULD be ignored by the client that receives the IQ-results from the
other resources? And the IQ-results are not received by the server or
processed by the server, even though the server is the entity that sent
the roster pushes. Bad.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml






Re: [Standards] 'from' address on roster push

2007-07-05 Thread Tomasz Sterna
On 05-07-2007, Thu at 16:31 -0600, Peter Saint-Andre wrote:
> Now, a 'from' address of the full JID seems odd to me. What if I send
> an IQ-set from one of my resources to another? Does that mean I can do
> roster pushes directly from one resource to another without updating
> the roster on the server? 

It would come from other [EMAIL PROTECTED]/resource that the connection is
bound and should be ignored.


-- 
Tomasz Sterna
Xiaoka Grp.  http://www.xiaoka.com/



Re: [Standards] 'from' address on roster push

2007-07-05 Thread Mridul Muralidharan

Peter Saint-Andre wrote:
> Tomasz Sterna wrote:
>> On 27-06-2007, Wed at 16:50 -0600, Peter Saint-Andre wrote:
>>> So I propose the following text:
>>>
>>>    A server MUST ignore any 'to' address on a roster set, and MUST
>>>    treat any roster "set" as applying to the sender.  A server MUST
>>>    NOT include a 'from' address on a roster push.  If a roster push
>>>    includes a 'from' address then the client SHOULD ignore the stanza.
>>
>> Is it backwards compatible?
>
> Good question.
>
> RFC 3921 talks only about what the client must do with regard to the
> 'from' address on a roster push:
>
>    a client SHOULD check the "from" address of a "roster push" (incoming
>    IQ of type "set" containing a roster item) to ensure that it is from
>    a trusted source; specifically, the stanza MUST either have no 'from'
>    attribute (i.e., implicitly from the server) or have a 'from'
>    attribute whose value matches the user's bare JID (of the form
>    <[EMAIL PROTECTED]>) or full JID (of the form <[EMAIL PROTECTED]/resource>);
>    otherwise, the client SHOULD ignore the "roster push".
>
> If a bis-compliant server never includes a 'from' address on a roster
> push, a 3921-compliant client will not break.
>
> However, a bis-compliant client might ignore roster pushes from a
> 3921-compliant server, since a 3921-compliant server might include a
> 'from' address whose value is the bare JID or full JID of the user.
>
> Now, a 'from' address of the full JID seems odd to me. What if I send an
> IQ-set from one of my resources to another? Does that mean I can do
> roster pushes directly from one resource to another without updating the
> roster on the server? Does the server deliver the IQ-result packets from
> all interested resources to the initiating resource for the roster set?
> That seems wrong to me (i.e., I think it's a spec bug in RFC 3921).
>
> A bare JID makes more sense because IQs sent to the bare JID are handled
> by the server. But in that case, the server can't perform the usual
> swapping of 'from' and 'to' addresses anyway, so it seems easier to not
> include the 'from' address.

In our case, server handles roster iq's, irrespective of destination
specified in stanza and will always be processed for the sender.

Regards,
Mridul

> Peter





Re: [Standards] 'from' address on roster push

2007-07-05 Thread Peter Saint-Andre
Tomasz Sterna wrote:
> On 27-06-2007, Wed at 16:50 -0600, Peter Saint-Andre wrote:
>> So I propose the following text:
>>
>>    A server MUST ignore any 'to' address on a roster set, and MUST
>>    treat any roster "set" as applying to the sender.  A server MUST
>>    NOT include a 'from' address on a roster push.  If a roster push
>>    includes a 'from' address then the client SHOULD ignore the stanza.
> 
> Is it backwards compatible?

Good question.

RFC 3921 talks only about what the client must do with regard to the
'from' address on a roster push:

   a client SHOULD check the "from" address of a "roster push" (incoming
   IQ of type "set" containing a roster item) to ensure that it is from
   a trusted source; specifically, the stanza MUST either have no 'from'
   attribute (i.e., implicitly from the server) or have a 'from'
   attribute whose value matches the user's bare JID (of the form
   <[EMAIL PROTECTED]>) or full JID (of the form <[EMAIL PROTECTED]/resource>);
   otherwise, the client SHOULD ignore the "roster push".

If a bis-compliant server never includes a 'from' address on a roster
push, a 3921-compliant client will not break.

However, a bis-compliant client might ignore roster pushes from a
3921-compliant server, since a 3921-compliant server might include a
'from' address whose value is the bare JID or full JID of the user.

Now, a 'from' address of the full JID seems odd to me. What if I send an
IQ-set from one of my resources to another? Does that mean I can do
roster pushes directly from one resource to another without updating the
roster on the server? Does the server deliver the IQ-result packets from
all interested resources to the initiating resource for the roster set?
That seems wrong to me (i.e., I think it's a spec bug in RFC 3921).

A bare JID makes more sense because IQs sent to the bare JID are handled
by the server. But in that case, the server can't perform the usual
swapping of 'from' and 'to' addresses anyway, so it seems easier to not
include the 'from' address.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
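
The two client-side rules compared in this thread, as an added example that is not part of any list message and not code from any XMPP implementation. It assumes constructed JIDs and hypothetical function names, reads "full JID" as the JID the receiving connection is bound to, and compares JIDs as exact strings without normalization.

```python
import xml.etree.ElementTree as ET

ROSTER_NS = "jabber:iq:roster"
OWN_FULL_JID = "juliet@example.com/balcony"  # constructed JID of this connection

def is_roster_push(iq):
    """IQ of type "set" containing a roster item (RFC 3921 wording)."""
    if iq.tag.rsplit("}", 1)[-1] != "iq" or iq.get("type") != "set":
        return False
    query = iq.find(f"{{{ROSTER_NS}}}query")
    return query is not None and query.find(f"{{{ROSTER_NS}}}item") is not None

def accept_push(stanza_xml, own_full_jid, policy):
    """Return True if the client should process the push under `policy`."""
    iq = ET.fromstring(stanza_xml)
    if not is_roster_push(iq):
        return False
    sender = iq.get("from")
    if sender is None:
        return True   # implicitly from the server: accepted by both rules
    if policy == "bis":
        return False  # proposed text: any 'from' address means ignore
    # RFC 3921: 'from' must match the user's bare JID or full JID.
    # Simplification (assumption): exact string match, no JID normalization.
    bare_jid = own_full_jid.split("/", 1)[0]
    return sender in (bare_jid, own_full_jid)

def make_push(sender):
    """Build a constructed roster push, optionally with a 'from' attribute."""
    attr = f" from='{sender}'" if sender is not None else ""
    return (f"<iq type='set' id='push1'{attr}><query xmlns='{ROSTER_NS}'>"
            "<item jid='romeo@example.net' subscription='both'/></query></iq>")

# Constructed senders covering the cases raised in the thread.
SAMPLES = {
    "no from (server)": None,
    "user's bare JID": "juliet@example.com",
    "own full JID": OWN_FULL_JID,
    "other resource, same account": "juliet@example.com/chamber",
    "unrelated JID": "mallory@example.org/laptop",
}

def compare():
    """Map each sample to (accepted under RFC 3921, accepted under bis)."""
    return {name: tuple(accept_push(make_push(s), OWN_FULL_JID, p)
                        for p in ("rfc3921", "bis"))
            for name, s in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:30} rfc3921={verdict[0]!s:5} bis={verdict[1]}")
```

The bare-JID and own-full-JID rows are the backwards-compatibility gap: a push that a 3921-style client accepts is dropped by a client following the proposed text.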






Re: [Standards] 'from' address on roster push

2007-07-05 Thread Tomasz Sterna
On 27-06-2007, Wed at 16:50 -0600, Peter Saint-Andre wrote:
> So I propose the following text:
>
>    A server MUST ignore any 'to' address on a roster set, and MUST
>    treat any roster "set" as applying to the sender.  A server MUST
>    NOT include a 'from' address on a roster push.  If a roster push
>    includes a 'from' address then the client SHOULD ignore the stanza.

Is it backwards compatible?


-- 
Tomasz Sterna
Xiaoka Grp.  http://www.xiaoka.com/



[Standards] 'from' address on roster push

2007-06-27 Thread Peter Saint-Andre
RFC 3921 saith:

   A server MUST ignore any 'to' address on a roster "set", and MUST
   treat any roster "set" as applying to the sender.  For added safety,
   a client SHOULD check the "from" address of a "roster push" (incoming
   IQ of type "set" containing a roster item) to ensure that it is from
   a trusted source; specifically, the stanza MUST either have no 'from'
   attribute (i.e., implicitly from the server) or have a 'from'
   attribute whose value matches the user's bare JID (of the form
   <[EMAIL PROTECTED]>) or full JID (of the form <[EMAIL PROTECTED]/resource>);
   otherwise, the client SHOULD ignore the "roster push".

I think it would be simpler to specify that the server MUST NOT include
a 'from' address on the roster push. The client would then need to
ignore the 'from' (not do all that checking).

So I propose the following text:

   A server MUST ignore any 'to' address on a roster set, and MUST
   treat any roster "set" as applying to the sender.  A server MUST
   NOT include a 'from' address on a roster push.  If a roster push
   includes a 'from' address then the client SHOULD ignore the stanza.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml


