Waqas, I've incorporated all of your feedback into the spec, and will check it with my co-authors here at the XMPP Summit before pushing out a revision.
On Fri, Dec 09, 2011 at 01:38:12AM +0500, Waqas Hussain wrote: > On Tue, Dec 6, 2011 at 3:32 AM, Peter Saint-Andre <stpe...@stpeter.im> wrote: > > On 12/5/11 3:16 PM, XMPP Extensions Editor wrote: > >> Version 0.2 of XEP-0300 (Use of Cryptographic Hash Functions in XMPP) has > >> been released. > >> > >> Abstract: This document provides recommendations for the use of > >> cryptographic hash functions in XMPP protocol extensions. > >> > >> Changelog: Updated to reflect initial analysis of existing XMPP protocol > >> extensions. (psa) > >> > >> Diff: http://xmpp.org/extensions/diff/api/xep/0300/diff/0.1/vs/0.2 > >> > >> URL: http://xmpp.org/extensions/xep-0300.html > > > > Folks, I started to look at XEP-0300 in relation to existing extensions. > > Please review my work so far, and do your own thinking about how useful > > (or not useful) XEP-0300 is. > > > > I'm curious about the descriptive feature namespaces > (urn:xmpp:hash-function-textual-names:md5)... I'm sure there is > something behind not using urn:xmpp:hash:md5, or similar :) > > Also, the encapsulating <hashes xmlns='urn:xmpp:hashes:0'/> element > isn't really necessary, except for cases where only a single element > is allowed (pubsub). I recall we were measuring bytes when defining > entity caps in presence, which would suggest changing this protocol to > more compact. > > A consistent approach to hashes is a good thing. Changing widely > deployed protocols is a bad thing. The nature of the XEP makes it > awkward to use in many protocols (as noted at the end of this > message). I'm -0 on this XEP. > > Of the XEPs listed in XEP-0300 section 4.5, the widely deployed > protocols are entity caps, vcard based avatars, and socks5 > bytestreams. BOSH is widely deployed, but I don't think the hashing > part is. > > I'd suggest leaving vCard based avatars alone. Entity caps is arguably > supposed to change, due to security issues. I'm not sure about the > SOCKS5 XEPs. They are quite widely deployed, and if we do change > things, backwards compatibility will need to be kept. > > That said, changing things in these various protocols would be fairly > awkward, given the existing use of attributes for hashes. e.g., it > would be fairly awkward to change the BOSH 'key' and 'newkey' > attribute to elements in <body/>. > > -- > Waqas Hussain --