On Thu, Oct 12, 2017, at 01:26, Jonas Wielicki wrote:
> I prepared a pull request to clarify the wording [1].

Thanks, it's always good to try and make these things clearer.

> Well, yes, but that’s the issue with doing webapps, right?

Sure, you always have to be careful of this. XHTML-IM just makes it
particularly easy to introduce catastrophic flaws and I think we can do
much better.

> We should first discuss what an alternative would look like (I read the 
> council meeting backlog and I see that this is a security issue, but
> please bear with me!).

I agree with this except for the "first" bit. Let's discuss them in
parallel. Remember that just because we obsolete it doesn't mean
everyone must stop using it right away, it just means that we're
discouraging (but not disallowing) new implementations, which is
something I think we should do because of the history of insecurity
surrounding this spec.

> There are legitimate use-cases for markup

Agreed, let's definitely start work on a replacement as soon as
possible.

> And we need to make sure that we don’t trade one vulnerability for
> another.

Also agreed.

> There are two large categories of alternatives which are possible 

It might be good to start a new thread to discuss alternatives. This
thread is about obsoleting XHTML-IM due to a history of security issues.
Thanks for starting this discussion though!

—Sam


-- 
Sam Whited
s...@samwhited.com
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
_______________________________________________
