Hi Dave, thanks for the review.

On 6/2/09 3:42 PM, Dave Cridland wrote:
> On Thu May 28 21:50:34 2009, XMPP Extensions Editor wrote:
>
>> 4. Do you have any security concerns related to this specification?
>
> The Security Considerations section is a bit weak

You're right!

> - I think it should
> make it clear that clients mustn't be allowed to resume other people's
> streams, and discuss how this is prevented. (Answer, don't allow
> unauthenticated clients to resume streams, etc).

Yes, I will add some text about that.

> I don't think it needs to mention intermediate proxies - that one had me
> bewildered until I realised it means transparent proxies between client
> and server.

I suppose it means things like BOSH connection managers. Justin?

>> 5. Is the specification accurate and clearly written?
>
> Mostly. I think it would be useful to define "handled" stanzas by way of
> transfer of responsibility.
>
> That is to say, each stanza, under XEP-0198, is either the
> responsibility of the sender (to send) or the receiver (to process,
> forward, etc). Until a sender receives an ack for the stanza, it has
> responsibility, and once the receiver sends an ack, it assumes
> responsibility.

Good point.

> Example 12 uses the wrong single letter element local-name - doesn't it?

Fixed.

> I'll probably send more comments later.

Thanks.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
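
The two review points in the message above (a stream may be resumed only by the authenticated client that owns it, and a stanza stays the sender's responsibility until it is acked), sketched as server-side logic. This is an added example, not part of the original message or of XEP-0198; `StreamStore`, `ResumeDenied` and the method names are hypothetical.

```python
# Added illustration; class and method names are hypothetical, not from XEP-0198.
import secrets


class ResumeDenied(Exception):
    """Raised when a resumption request must be refused."""


class StreamStore:
    """Server-side record of resumable streams, keyed by an unguessable id."""

    def __init__(self):
        self._streams = {}

    def enable(self, owner_jid):
        # The resumption id is random, but it is only a handle, never proof of identity.
        stream_id = secrets.token_urlsafe(16)
        self._streams[stream_id] = {"owner": owner_jid, "sent": [], "acked": 0}
        return stream_id

    def send(self, stream_id, stanza):
        # The server (as sender) keeps responsibility for this stanza until it is acked.
        self._streams[stream_id]["sent"].append(stanza)

    def ack(self, stream_id, handled):
        # The peer has taken responsibility for the first `handled` stanzas.
        stream = self._streams[stream_id]
        if not stream["acked"] <= handled <= len(stream["sent"]):
            raise ValueError("ack count outside the range of sent stanzas")
        stream["acked"] = handled

    def resume(self, stream_id, authenticated_jid, handled):
        # Refuse unauthenticated connections before looking anything up.
        if authenticated_jid is None:
            raise ResumeDenied("not authenticated")
        stream = self._streams.get(stream_id)
        # Same error for an unknown id and a wrong owner, so ids cannot be probed.
        if stream is None or stream["owner"] != authenticated_jid:
            raise ResumeDenied("no such stream for this identity")
        self.ack(stream_id, handled)
        # Everything not yet acked is still the server's to deliver.
        return stream["sent"][stream["acked"]:]
```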