[jdev] Spoofing of iq ids and misbehaving servers

Mark Doliner mark at kingant.net
Fri Jan 31 17:01:23 UTC 2014


On Fri, Jan 31, 2014 at 2:51 AM, Alexander Holler <holler at ahsoftware.de> wrote:
> In general the reply should always have 'to' and 'from' exchanged. I think
> any server which doesn't do so, does something wrong.

Hmm, are you talking about the 'jabber:client' namespace? If so I
think this statement isn't correct. I think there are times when 'to'
and 'from' are allowed to be empty. Examples:
- "A stanza sent from a client to a server for direct processing by
the server ... MUST NOT possess a 'to' attribute."
- "When the server generates a stanza from the server for delivery to
the client on behalf of the account of the connected client ..., the
stanza MUST either (a) not include a 'from' attribute or (b) include a
...."

> Where the confusion starts is what servers do use as 'to' for an incoming
> stanza which contains no 'to'. As already said, I and some other servers do
> use the server's JID (usually the domain where the client connected to) as
> 'to', based on the fact that RFC 3920 wasn't clear about that.

Are we talking about the 'jabber:client' namespace? I think the
important thing is that iq stanzas in the client namespace which do
not contain 'to' must be handled by the server. This is clear in both
RFC 3920 and RFC 6120. It seems like an implementation detail as to
whether the server needs to assume a particular value for 'to' in this
case.
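
The following is an added example, not part of the original message or of any client or server discussed in the thread: a client-side check that accepts an iq reply only when both the id and the sender fit the request, covering the case above where the request had no 'to' and the reply may have no 'from'. The names `IqTracker`, `allowed_senders` and `accept_server_domain` are hypothetical; the use of the account's bare JID as a permitted 'from' is taken from RFC 6120 section 8.1.2.1, not from the post, and the sample stanzas are constructed.

```python
import xml.etree.ElementTree as ET

def bare(jid):
    # Strip the resource part. Real clients also normalise JIDs (stringprep).
    return jid.split("/", 1)[0]

def allowed_senders(request_to, own_jid, accept_server_domain=False):
    """'from' values a reply may carry; None means the attribute is absent."""
    own_bare = bare(own_jid)
    if request_to in (None, own_bare):
        allowed = {None, own_bare}
        if request_to is None and accept_server_domain:
            # Leniency for servers that answer with their own domain as 'from'.
            allowed.add(own_bare.split("@", 1)[1])
        return allowed
    return {request_to}

class IqTracker:
    """Hypothetical client-side table of outstanding iq requests."""

    def __init__(self, own_jid, accept_server_domain=False):
        self.own_jid = own_jid
        self.accept_server_domain = accept_server_domain
        self.pending = {}  # iq id -> 'to' of the request (None if omitted)

    def sent(self, iq_id, to=None):
        self.pending[iq_id] = to

    def match(self, stanza_xml):
        """Return True and retire the request only for a reply from the right sender."""
        el = ET.fromstring(stanza_xml)
        if el.tag != "{jabber:client}iq" or el.get("type") not in ("result", "error"):
            return False
        iq_id = el.get("id")
        if iq_id not in self.pending:
            return False
        senders = allowed_senders(self.pending[iq_id], self.own_jid,
                                  self.accept_server_domain)
        if el.get("from") not in senders:
            return False  # id matches, sender does not: keep waiting
        del self.pending[iq_id]
        return True

# Constructed sample stanzas (not captured traffic).
SPOOFED = "<iq xmlns='jabber:client' type='result' id='r1' from='mallory@example.net/x'/>"
GENUINE = "<iq xmlns='jabber:client' type='result' id='r1'/>"
DOMAIN_REPLY = "<iq xmlns='jabber:client' type='result' id='r1' from='example.org'/>"
```

A reply that fails the sender check leaves the request pending, so a forged stanza with a guessed id cannot consume the slot before the real answer arrives.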

