On 09.02.2017 00:07, XMPP Extensions Editor wrote: > This message constitutes notice of a Last Call for comments on XEP-0280 > (Message Carbons). > > Abstract: In order to keep all IM clients for a user engaged in a > conversation, outbound messages are carbon-copied to all interested resources. > > URL: http://xmpp.org/extensions/xep-0280.html > > This Last Call begins today and shall end at the close of business on > 2017-02-22. > > Please consider the following questions during this Last Call and send your > feedback to the standards@xmpp.org discussion list: > > 1. Is this specification needed to fill gaps in the XMPP protocol stack or to > clarify an existing protocol?
Yes. > 2. Does the specification solve the problem stated in the introduction and > requirements? Yes. > 3. Do you plan to implement this specification in your code? If not, why not? Already implemented. > 4. Do you have any security concerns related to this specification? Entity impersonation vulnerabilities. One way to solve them would be if carbons would use Nonzas instead of Stanzas for the forwarded messages. But then we would want to have Nonzas taken into account by Stream Management. Since I don't see that happening anytime soon, I don't consider this to be an blocker for carbons advancing to draft. Also the "Security Considerations" section of carbons are clear on that. > 5. Is the specification accurate and clearly written? Mostly. I'm missing whether or not the carbons state is restored after stream resumption. I think that there is no harm in restoring the state after resumption, which would save us a round trip (until Bind2/SASL2 arrives). Therefore I suggest https://github.com/xsf/xeps/pull/402 And I'm not a fan of the term 'forked'. - Florian
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________