  • Archive for the ‘XMPP’ Category


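    disco#info, service discovery, XEP-0030

    To summarize, disco#info in XEP-0030 (formerly JEP-0030) has three main uses:

    1. Querying a server
    <iq type='get' from='tim@timpc/home' to='timpc' id='info1'>
      <query xmlns='http://jabber.org/protocol/disco#info'/>
    </iq>

    The target entity must return either an IQ result or an error.
    The <query/> element in the result must be qualified by the 'http://jabber.org/protocol/disco#info' namespace and contain one or more <identity/> elements and one or more <feature/> elements.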

    Note: Every entity MUST have at least one identity, and every entity MUST support at least the ‘http://jabber.org/protocol/disco#info’ feature; however, an entity is not required to return a result and MAY return an error, most likely <feature-not-implemented/> or <service-unavailable/>, although other error conditions may be appropriate.

    Each <identity/> must carry 'category' and 'type' attributes, and may add a friendly 'name'.
    Each <feature/> must carry a 'var' attribute naming a protocol namespace or other feature offered by the entity. The category/type values should preferably be kept in a registry.

    2. Querying a JID
    When a disco#info request is sent to an ordinary user's JID, the JID's server must return the result directly, though I cannot see much practical use for this request. The example in the JEP says the responding server may report whether the user is registered, provided it has confirmed that the requester can be trusted.

    Querying the server for the disco#info of juliet@capulet.com
    <iq type='get'
        from='shakespeare.lit'
        to='juliet@capulet.com'
        id='info2'>
      <query xmlns='http://jabber.org/protocol/disco#info'/>
    </iq>

    The server replies: registered account
    <iq type='result'
        from='juliet@capulet.com'
        to='shakespeare.lit'
        id='info2'>
      <query xmlns='http://jabber.org/protocol/disco#info'>
        <identity category='account' type='registered'/>
      </query>
    </iq>

    The reply can also describe the resource the user is currently connected with
    <iq type='get'
        from='juliet@capulet.com/balcony'
        to='timyang@jabber.org/orchard'
        id='info4'>
      <query xmlns='http://jabber.org/protocol/disco#info'/>
    </iq>

    <iq type='result'
        from='timyang@jabber.org/orchard'
        to='juliet@capulet.com/balcony'
        id='info4'>
      <query xmlns='http://jabber.org/protocol/disco#info'>
        <identity
            category='client'
            type='pc'
            name='Gabber'/>
        <feature var='jabber:iq:time'/>
        <feature var='jabber:iq:version'/>
      </query>
    </iq>

    3. Querying a conference room (MUC)
    <iq type='get'
        from='juliet@capulet.com/balcony'
        to='balconyscene@plays.shakespeare.lit'
        id='info3'>
      <query xmlns='http://jabber.org/protocol/disco#info'/>
    </iq>

    <iq type='result'
        from='balconyscene@plays.shakespeare.lit'
        to='juliet@capulet.com/balcony'
        id='info3'>
      <query xmlns='http://jabber.org/protocol/disco#info'>
        <identity
            category='conference'
            type='text'
            name='Romeo and Juliet, Act II, Scene II'/>
        <feature var='http://jabber.org/protocol/disco#info'/>
        <feature var='http://jabber.org/protocol/muc'/>
        <feature var='http://jabber.org/protocol/feature-neg'/>
        <feature var='muc-password'/>
        <feature var='muc-hidden'/>
        <feature var='muc-temporary'/>
        <feature var='muc-open'/>
        <feature var='muc-unmoderated'/>
        <feature var='muc-nonanonymous'/>
      </query>
    </iq>

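    JID Spoofing (JEP-0165)

    JEP-0165 JID Spoofing; the latest version is titled XEP-0165: Best Practices to Discourage JID Mimicking

    JID spoofing does not happen only in the Jabber world; it exists in MSN and e-mail as well. Suppose you are a Microsoft employee and an MSN account
    adds you (note that it is BI11): that is account spoofing, and he wants you to believe he is.

    So in the Jabber world (note that it is PAYPA1) will impersonate to deceive you. In some terminology this technique is also called "typejacking", so this JEP offers several best practices for preventing JID spoofing.

    1. Use a petname system
    2. Use certificates
    3. Require an intermediary known to both parties before a contact can be added (equivalent to an invitation-only circle)

    There are also some other methods that are not very practical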

    Every human user of Jabber/XMPP technologies presumably has a preferred language (or, in some cases, a small set of preferred languages), which an XMPP application SHOULD gather either explicitly from the user or implicitly via the user’s operating system. Furthermore, every language has a range of characters normally used to represent that language in textual form. Therefore, an XMPP application SHOULD warn the user when presenting a JID that uses characters outside the normal range of the user’s preferred language(s).
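
A client-side sketch of that warning, added here as an example and not code from the original post or from XEP-0165. It flags characters outside the user's preferred scripts and, going slightly beyond the quoted text, also compares an incoming JID against the roster after folding digit look-alikes such as the BI11 and PAYPA1 cases; the tables, function names and example.com JIDs are constructed assumptions.

```python
import unicodedata

# Assumption for this sketch: preferred language -> script prefixes as they
# appear in unicodedata.name(). A real client would use full script data.
LANG_SCRIPTS = {"en": {"LATIN"}, "ru": {"CYRILLIC"}, "el": {"GREEK"}}

# Constructed, deliberately small table of ASCII look-alikes (BI11, PAYPA1).
LOOKALIKES = str.maketrans({"1": "l", "0": "o"})


def bare_jid(jid):
    """Bare JID (resource part removed), case-folded for comparison."""
    return jid.split("/", 1)[0].casefold()


def out_of_range_chars(jid, langs):
    """Characters outside the scripts of the user's preferred languages.
    ASCII is treated as neutral here (an assumption of this sketch)."""
    allowed = set().union(*(LANG_SCRIPTS[lang] for lang in langs))
    return [ch for ch in bare_jid(jid)
            if not ch.isascii()
            and not any(unicodedata.name(ch, "").startswith(s) for s in allowed)]


def skeleton(jid):
    """Collapse compatibility forms and known look-alikes to one spelling."""
    return unicodedata.normalize("NFKC", bare_jid(jid)).translate(LOOKALIKES)


def mimic_warnings(jid, roster, langs=("en",)):
    """Warnings a client could show before the user accepts or messages `jid`."""
    warnings = []
    odd = out_of_range_chars(jid, langs)
    if odd:
        warnings.append("unusual characters: " + ", ".join(
            f"U+{ord(ch):04X} {unicodedata.name(ch, '?')}" for ch in odd))
    for known in roster:
        if bare_jid(jid) != bare_jid(known) and skeleton(jid) == skeleton(known):
            warnings.append(f"looks like roster contact {known}")
    return warnings


if __name__ == "__main__":
    roster = ["paypal@example.com", "juliet@example.com"]  # constructed
    for candidate in ("paypa1@example.com", "jul\u0456et@example.com/home"):
        print(candidate, "->", mimic_warnings(candidate, roster))
```

The script check alone does not catch all-ASCII mimics such as a digit standing in for a letter, which is why the roster comparison (or a petname system) is needed alongside it.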