On Tue, Dec 6, 2011 at 3:32 AM, Peter Saint-Andre <stpe...@stpeter.im> wrote:
> On 12/5/11 3:16 PM, XMPP Extensions Editor wrote:
>> Version 0.2 of XEP-0300 (Use of Cryptographic Hash Functions in XMPP) has
>> been released.
>>
>> Abstract: This document provides recommendations for the use of
>> cryptographic hash functions in XMPP protocol extensions.
>>
>> Changelog: Updated to reflect initial analysis of existing XMPP protocol
>> extensions. (psa)
>>
>> Diff: http://xmpp.org/extensions/diff/api/xep/0300/diff/0.1/vs/0.2
>>
>> URL: http://xmpp.org/extensions/xep-0300.html
>
> Folks, I started to look at XEP-0300 in relation to existing extensions.
> Please review my work so far, and do your own thinking about how useful
> (or not useful) XEP-0300 is.
>
I'm curious about the descriptive feature namespaces (urn:xmpp:hash-function-textual-names:md5)... I'm sure there is something behind not using urn:xmpp:hash:md5, or similar :)

Also, the encapsulating <hashes xmlns='urn:xmpp:hashes:0'/> element isn't really necessary, except for cases where only a single element is allowed (pubsub). I recall we were measuring bytes when defining entity caps in presence, which would suggest changing this protocol to be more compact.

A consistent approach to hashes is a good thing. Changing widely deployed protocols is a bad thing. The nature of the XEP makes it awkward to use in many protocols (as noted at the end of this message). I'm -0 on this XEP.

Of the XEPs listed in XEP-0300 section 4.5, the widely deployed protocols are entity caps, vCard based avatars, and SOCKS5 bytestreams. BOSH is widely deployed, but I don't think the hashing part is.

I'd suggest leaving vCard based avatars alone. Entity caps is arguably supposed to change, due to security issues. I'm not sure about the SOCKS5 XEPs. They are quite widely deployed, and if we do change things, backwards compatibility will need to be kept.

That said, changing things in these various protocols would be fairly awkward, given the existing use of attributes for hashes. e.g., it would be fairly awkward to change the BOSH 'key' and 'newkey' attribute to elements in <body/>.

--
Waqas Hussain