[Standards] XMPP over Websocket vs XEP-0198

2013-01-25 Thread Stefan Strigler
Hi, within Section 3.5[1] XMPP over Websocket states that the closing party MUST close the XMPP stream if it has been established. With hindsight of page transitions within legacy web apps this might not be wanted by the client as it might wish to resume the stream by use (abuse?) of XEP-0198

[Standards] XEP-0198 and SASL-Anonymous

2013-01-25 Thread Winfried Tilanus
Hi, And now we are talking about XEP-0198, I think the security considerations should take some more situations in account for the session hijacking protection. When properly and securely authenticated, the authentication is enough protection against sesion hijacking. But when using

[Standards] some more questions about XEP-0198

2013-01-25 Thread Winfried Tilanus
Hi, Reading XEP-0198, I was wondering two things: - Is there a reason acking and resuming, imho two different and independent things, are in one XEP? - Is there also a XEP that takes care of resending a stanza when it does not get acked? Winfried

Re: [Standards] some more questions about XEP-0198

2013-01-25 Thread Winfried Tilanus
On 01/25/2013 03:16 PM, Stefan Strigler wrote: Hi, In order to resend unacknowledged stanzas upon resuming a stream you need to know about request and anwers. Clear answer, it made me realise I was thinking about a different case: what to do when only one or two stanzas are dropped but then

Re: [Standards] XEP-0198 and SASL-Anonymous

2013-01-25 Thread Matt Miller
On Jan 25, 2013, at 7:08 AM, Winfried Tilanus winfr...@tilanus.com wrote: Hi, And now we are talking about XEP-0198, I think the security considerations should take some more situations in account for the session hijacking protection. When properly and securely authenticated, the

Re: [Standards] XMPP over Websocket vs XEP-0198

2013-01-25 Thread Peter Saint-Andre
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 1/25/13 9:42 AM, Winfried Tilanus wrote: On 01/25/2013 05:15 PM, Peter Saint-Andre wrote: Peter, [1] https://tools.ietf.org/html/draft-moffitt-xmpp-over-websocket-01#section-3.5 IMHO that spec needs quite a bit of work, still. New

Re: [Standards] Disco Search

2013-01-25 Thread Justin Karneges
On Friday, January 25, 2013 10:31:32 PM Dave Cridland wrote: b) A generalized mechanism for constructing node names programmatically to find such information? Say urn:xmpp:disco:search?owner=d...@jabber.org for example. XEP-303 suggests something exactly like this: 'A dynamic node accepts

Re: [Standards] Disco Search

2013-01-25 Thread Lance Stout
I too have been working with several extensions lately that need search capabilities, so this has been in my mind the last few days. I don't have fully formed ideas on how how it would look, etc, but I would be interested in experimenting with expanding (or drafting a replacement) XEP-0055 to