On 14.11.18 13:16, Holger Weiß wrote:
> * Georg Lukas <ge...@op-co.de> [2018-11-14 12:47]:
>> * Holger Weiß <hol...@zedat.fu-berlin.de> [2018-11-14 10:41]:
>>> * Georg Lukas <ge...@op-co.de> [2018-11-13 18:29]:
>>>> §3 point 2 should probably be changed from
>>>>
>>>> | Stanza ID generating entities, which encounter a <stanza-id/> element
>>>> | where the 'by' attribute matches the 'by' attribute they would otherwise
>>>> | set, MUST delete that element even if they are not adding their own
>>>> | stanza ID.
>>>>
>>>> to
>>>>
>>>> | Entities which receive a stanza with a <stanza-id/> element
>>>> | where the 'by' attribute matches the entity's own JID, MUST delete that
>>>> | element even if they are not adding their own stanza ID.
>>>
>>> I guess the former wording was chosen deliberately to avoid the
>>> ambiguity about who exactly the "entities which receive a stanza" might
>>> be. §3, point 7 says: "For one-on-one messages the assigning entity is
>>> the account. In groupchats the assigning entity is the room." With
>>> your wording, readers might assume the entity is the server itself.
>>
>> Maybe then the wording needs to be "where the 'by' attribute matches a
>> JID that the entity is responsible for"? I just want to prevent somebody
>> injecting stanzas into my administrative domain with one of my JIDs.
>
> So this isn't just about wording but about semantics? I.e., you want
> the XEP to mandate the server to strip all stanza IDs with by=$JID,
> where $JID is any user or server JID the server feels responsible for?
>
> In that case we'd disagree. The XEP should only mandate stripping of
> stanzas for those JIDs on which the server announces XEP-0359 support,
> which is what the current wording is trying to do. Any other JIDs are
> out of scope.

I'd like to hear more about the reasons for your disagreement. I am not
entirely sure if participants in this discussion always talked about the
exact same thing. Maybe a concrete example would help:

Server 'example.org' receives a stanza from 'foo.org' with a
<stanza-id by='u...@example.org' id='…'>

Should the 'example.org' server sanitize this <stanza-id/> or not?

Which JIDs exactly do you think are out of scope? Could you give an
example?

- Florian

_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
_______________________________________________
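
As an added illustration (not part of the original thread and not code from any XMPP server), the example below applies the two readings debated above to a constructed version of Florian's example stanza: stripping only for JIDs that announce XEP-0359 support, versus stripping for any JID the server is responsible for. The JIDs, IDs and function names are assumptions, and JID normalization is simplified.

```python
import xml.etree.ElementTree as ET

SID_NS = "urn:xmpp:sid:0"                 # XEP-0359 namespace
STANZA_ID = f"{{{SID_NS}}}stanza-id"

def bare_jid(jid):
    """Drop the resource and lowercase (simplified; real servers apply stringprep)."""
    return jid.split("/", 1)[0].lower()

def domain_of(jid):
    """Domain part of a JID; a bare domain JID is returned unchanged."""
    return bare_jid(jid).rsplit("@", 1)[-1]

def announced_policy(sid_jids):
    """Reading 1: strip only for JIDs on which XEP-0359 support is announced."""
    jids = {bare_jid(j) for j in sid_jids}
    return lambda by: by in jids

def responsible_policy(local_domains):
    """Reading 2: strip for any JID in a domain this server is responsible for."""
    domains = {d.lower() for d in local_domains}
    return lambda by: domain_of(by) in domains

def strip_stanza_ids(stanza_xml, should_strip):
    """Remove direct-child <stanza-id/> elements whose 'by' matches the policy.
    Returns (sanitized_xml, list of removed 'by' values)."""
    root = ET.fromstring(stanza_xml)
    removed = []
    for el in list(root.findall(STANZA_ID)):   # copy: we mutate root while looping
        by = el.get("by", "")
        if should_strip(bare_jid(by)):
            root.remove(el)
            removed.append(by)
    return ET.tostring(root, encoding="unicode"), removed

# Constructed sample: inbound from foo.org, carrying stanza IDs that claim
# to have been assigned by local JIDs, plus one from the sending domain.
SAMPLE = """<message xmlns='jabber:client' from='someone@foo.org/x' to='alice@example.org'>
  <body>hi</body>
  <stanza-id xmlns='urn:xmpp:sid:0' by='alice@example.org' id='claimed-1'/>
  <stanza-id xmlns='urn:xmpp:sid:0' by='bob@example.org' id='claimed-2'/>
  <stanza-id xmlns='urn:xmpp:sid:0' by='foo.org' id='foreign-1'/>
</message>"""

if __name__ == "__main__":
    # Assumption: only alice's account announces XEP-0359 support.
    for name, policy in (("announced", announced_policy({"alice@example.org"})),
                         ("responsible", responsible_policy({"example.org"}))):
        _, removed = strip_stanza_ids(SAMPLE, policy)
        print(f"{name}: removed {removed}")
```

Under the first reading the `by='bob@example.org'` element survives delivery; under the second it is removed. That difference is the case Florian's question asks the participants to settle.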