-
flow
the trick is not to make IDs collision resistant, but to make them resistant to spoofing
-
lovetox
why flow? in what scenario can someone spoof an archive id
-
flow
lovetox, anyone could add a stanza-id with any 'by' and 'id' value, the question is, if hops sanitize them and if receiving entities check the values for plausibility
-
lovetox
that's not a question, that's what the standard mandates
-
flow
same with the rfc stanza id and origin-id, you can only use its id within the scope of the sending entity (as discussed with jc recently here)
-
lovetox
if you question this, then you can not use xmpp anymore, because then you need to question a lot more
-
flow
the point is not that it's not impossible, but that it's prone to implementation errors
-
flow
my prime example is a +1 reaction based on an id, and somebody else sends another message with a different content but the same id
-
flow
the fear is that there will be implementations that apply the +1 reaction onto the other (newer) message
-
flow
kinda reminds me of the carbons stanza forward issues we saw (even though, atm I can't explain why I feel like it is similar…)
-
qy
flow: But how is that any different with origin-id?
-
emus
End of month is approaching, please use your chance to add your May news to the XMPP Newsletter 🙂 https://github.com/xsf/xmpp.org/pull/1137
-
Maranda
> <flow> lovetox, anyone could add a stanza-id with any 'by' and 'id' value, the question is, if hops sanitize them and if receiving entities check the values for plausibility
that doesn't solve at all the principal flaw: having to deal with three different kinds of IDs
-
flow
qy: spoof resistance of origin-id is probably equal to rfc stanza id, but origin-id signals that it is globally unique, where the rfc stanza id may only be unique within the scope of the stream of the sending entity
-
flow
Maranda, it wasn't meant to solve this "flaw". my point was merely that id-consuming entities must be careful when processing IDs, and that creating and sending collision resistant IDs is easy (assuming we are talking about involuntary collisions)
-
rebeld22
Bye bye Magdeburgo! lol Benfica european champions!
-
Zash
???
-
qy
Troll alert
-
qy
This guy's banned from disroot for being a monumental moron