[JDEV] Jabberd 1.5 Development

Iain Shigeoka iainshigeoka at yahoo.com
Fri Jan 18 11:40:53 CST 2002 

On 1/18/02 4:47 AM, "Daniel Veillard" <veillard at redhat.com> wrote:

>>  Which standards are you talking about ? If you think of the correct
>> processing of xml namespaces i'm +1 on this one.
> 
> There is also a large amount of undescribed issues going further than
> the XML Namespace specification but lying at the core of XML:
>   - what happen with commnets in the XML streams
>   - ditto with PI (processing instructions)
>   - what about the recommended encodings, is UTF-8 mandatory
>   - what about empty tags serialization from an XML point of view
>     <hash/> is equivalent to <hash></hash>
>   - reserved namespace names, seems jabber reserves those
>     starting with "jabber:", however this is unclear what would
>     happen in case of unrecognized namespace. Note also that
>     "http://jabber.org/" based namespace name would probably
>     have been better from a legal point of view...
> 
> What I would like to avoid is a reference implementation setting up
> the "standard" [*] . What I would like to see as much as possible is a
> written description of the part from the underlying spec (XML XMLNs, etc...)
> where there is an expected deviation in behaviour during processing.

Excellent.  I've been harping on this for a while.

> I would like to see a freeze in features allowing to write those down
> as much as possible, and move the parts which are actaully implemented
> and in use from the draft section move into the "standard" section.

This is part of the standards process in the foundation however I agree that
its being given short shrift.  I was arguing for rigorous standardization of
the existing Jabber protocols before doing anything else but was convinced
that things need changing (jabber next generation).  So from what I
understand, we're going to be creating the next generation protocols then
documenting...  I'd be interested in discussing it further though.

> If you are really in dire need of ideas to code, I would like to
> see how server SSL certificate checking like in https could be done from
> the client. It would be great too if the SSL server would react better if
> the SSL certificate is not present or readable (it simply don't answer
> the client requests without dropping the connexion), and if there was
> an official way to bin all interfaces (ACCEPT *) to the SSL port with a single
> certificate (something like <ssl port='5223'/> in pthcsock and
> <ssl> <key ip='*'>/etc/sysconfig/jabber/jabberkey.pem</key> </ssl>
> in the io section). It's just a few things I had to fight with in the
> last days. 

You should jump into the security jig at foundation.jabber.org.  We're just
now starting to look at these things.

-iain


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

More information about the JDev mailing list