[JDEV] jabber:iq:search question

David Waite mass at akuma.org
Tue Dec 10 09:04:04 CST 2002 

On Monday, December 9, 2002, at 05:51  PM, Peter Saint-Andre wrote:

> Hmm, does this technique rely on sending multiple IQ results with the 
> same
> 'id' attribute? If so, that's in violation of the XMPP core doc, which
> specifies that the value of an ID must be unique within a stream (this 
> is
> consistent with the XML spec).
>
This is not correct - there is no way that you can enforce ID 
uniqueness since the IDs are determined by multiple schemes by multiple 
endpoints. I cannot determine if two parties will send me a message 
stamped with the same 'id' attribute. I also cannot prevent two 
info-query requests against my client from different parties (which 
will require me to respond with the same 'id' attribute twice for 
correctness, once to each party).

  When it comes down to it, the ID is just a transactional cue for the 
benefit of clients, since all communication is asynchronous.

Or in other words, this requirement in draft-ietf-xmpp-core is 
incorrect; we do not meet it now and it is impossible to meet in either 
direction of the XML stream. Traffic originating from an endpoint 
SHOULD have unique id attributes, but there is nothing else in the 
system which will fail if they don't.

-David Waite


> Peter
>
> --
> Peter Saint-Andre
> Jabber Software Foundation
> http://www.jabber.org/people/stpeter.php
>
> On Sun, 8 Dec 2002, Sebastiaan 'CBAS' Deckers wrote:
>
>> Is there any implementation of a public service using this technique?
>> My client supports these sequential results however I could never test
>> this in the real world.
>> This is an interesting protocol design choice, but it raises security
>> concerns.  When all you have to rely on is the "id" attribute, how 
>> much
>> chance is there that someone can spoof results?  Or even by accident, 
>> as
>> most libraries don't generate random id's.
>>
>> --
>> Sebastiaan
>>
>>
>> Peter Saint-Andre wrote:
>>> If you have implemented jabber:iq:search in your software AND you are
>>> using the feature that enabled you so receive multiple IQs for large
>>> result sets, I would appreciate it if you could let me know. When I
>>> documented jabber:iq:search in JEP-0055, I left this out because I 
>>> have
>>> not been able to find implementations. But if there are 
>>> implementations, I
>>> may add it in.
>>>
>>> Thanks.
>>>
>>> Peter
>>>
>>> --
>>> Peter Saint-Andre
>>> Jabber Software Foundation
>>> http://www.jabber.org/people/stpeter.php
>>
>> _______________________________________________
>> jdev mailing list
>> jdev at jabber.org
>> http://mailman.jabber.org/listinfo/jdev
>>
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
>

More information about the JDev mailing list