-
Notifications
You must be signed in to change notification settings - Fork 42
RFC 6120 features
Jajcus edited this page Jul 21, 2011
·
2 revisions
RFC 6120 features sets implemented in PyXMPP2.
The 'Client' and 'Server' columns contain one of:
- 'YES' – feature is fully supported
- 'NO' – feature is not supported
- 'application' – implementation of this feature is the application responsibility
- 'partial' – feature partially implemented
- 'N/A' – not applicable, according to the RFC
- empty – no data
These are declarations only, not proven by any formal certifications, but they should be mostly true.
| Feature | Description | Client | Server | Notes |
|---|---|---|---|---|
| bind-gen | Generate a random resource on demand. | N/A | YES | |
| bind-mtn | Consider resource binding as mandatory-to-negotiate. | YES | YES | |
| bind-restart | Do not restart the stream after negotiation of resource binding. | YES | YES | |
| bind-support | Support binding of client resources to an authenticated stream. | YES | YES | |
| sasl-correlate | When authenticating a stream peer using SASL, correlate the authentication identifier resulting from SASL negotiation with the 'from' address (if any) of the stream header it received from the peer. | |||
| sasl-errors | Support SASL errors during the negotiation process. | YES | YES | |
| sasl-mtn | Consider SASL as mandatory-to-negotiate. | YES | YES | |
| sasl-restart | Initiate or handle a stream restart after SASL negotiation. | YES | YES | |
| sasl-support | Support the Simple Authentication and Security Layer for stream authentication. | YES | YES | |
| security-mti-auth-scram | Support the SASL SCRAM mechanism for authentication only (this implies support for both the SCRAM‑SHA‑1 and SCRAM‑SHA‑1‑PLUS variants). | YES | YES | for SCRAM‑SHA‑1‑PLUS (channel binding) recent Python 3.3 (not released yet) required |
| security-mti-both-external | Support TLS with SASL EXTERNAL for confidentiality and authentication. | partial | NO | |
| security-mti-both-plain | Support TLS using the TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite plus the SASL PLAIN mechanism for confidentiality and authentication. | YES | NO | |
| security-mti-both-scram | Support TLS using the TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite plus the SCRAM-SHA-1 and SCRAM-SHA-1-PLUS variants of the SASL SCRAM mechanism for confidentiality and authentication. | YES | YES | for SCRAM‑SHA‑1‑PLUS (channel binding) recent Python 3.3 (not released yet) required |
| security-mti-confidentiality | Support TLS using the TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite for confidentiality only. | N/A | NO | |
| stanza-attribute-from | Support the common 'from' attribute for all stanza kinds. | YES | YES | |
| stanza-attribute-from-stamp | Stamp or rewrite the 'from' address of all stanzas received from connected clients. | N/A | NO | |
| stanza-attribute-from-validate | Validate the 'from' address of all stanzas received from peer servers. | N/A | NO | |
| stanza-attribute-id | Support the common 'id' attribute for all stanza kinds. | YES | YES | |
| stanza-attribute-to | Support the common 'to' attribute for all stanza kinds. | YES | YES | |
| stanza-attribute-to-validate | Ensure that all stanzas received from peer servers include a 'to' address. | N/A | NO | |
| stanza-attribute-type | Support the common 'type' attribute for all stanza kinds. | YES | YES | |
| stanza-attribute-xmllang | Support the common 'xml:lang' attribute for all stanza kinds. | YES | YES | |
| stanza-error | Generate and handle stanzas of type "error" for all stanza kinds. | YES | YES | |
| stanza-error-child | Ensure that stanzas of type "error" include an <error/> child element. | YES | YES | |
| stanza-error-id | Ensure that stanzas of type "error" preserve the 'id' provided in the triggering stanza. | YES | YES | |
| stanza-error-reply | Do not reply to a stanza of type "error" with another stanza of type "error". | YES | YES | |
| stanza-extension | Correctly process XML data qualified by an unsupported XML namespace, where "correctly process" means to ignore that portion of the stanza in the case of a message or presence stanza and return an error in the case of an IQ stanza (for the intended recipient), and to route or deliver the stanza (for a routing entity such as a server). | YES | YES | |
| stanza-iq-child | Include exactly one child element in an <iq/> stanza of type "get" or "set", zero or one child elements in an <iq/> stanza of type "result", and one or two child elements in an <iq/> stanza of type "error". | YES | YES | |
| stanza-iq-id | Ensure that all <iq/> stanzas include an 'id' attribute. | YES | YES | |
| stanza-iq-reply | Reply to an <iq/> stanza of type "get" or "set" with an <iq/> stanza of type "result" or "error". | YES | YES | |
| stanza-iq-type | Ensure that all <iq/> stanzas include a 'type' attribute whose value is "get", "set", "result", or "error". | YES | YES | |
| stanza-kind-iq | Support the <iq/> stanza. | YES | YES | |
| stanza-kind-message | Support the <message/> stanza. | YES | YES | |
| stanza-kind-presence | Support the <presence/> stanza. | YES | YES | |
| stream-attribute-initial-from | Include a 'from' attribute in the initial stream header. | YES | YES | |
| stream-attribute-initial-lang | Include an 'xml:lang' attribute in the initial stream header. | YES | YES | |
| stream-attribute-initial-to | Include a 'to' attribute in the initial stream header. | YES | YES | |
| stream-attribute-response-from | Include a 'from' attribute in the response stream header. | N/A | YES | |
| stream-attribute-response-id | Include an 'id' attribute in the response stream header. | N/A | YES | |
| stream-attribute-response-id-unique | Ensure that the 'id' attribute in the response stream header is unique within the context of the receiving entity. | N/A | YES | random UUID is generated for each stream |
| stream-attribute-response-to | Include a 'to' attribute in the response stream header. | N/A | YES | |
| stream-error-generate | Generate a stream error (followed by a closing stream tag and termination of the TCP connection) upon detecting a stream-related error condition. | YES | YES | |
| stream-fqdn-resolution | Resolve FQDNs before opening a TCP connection to the receiving entity. | YES | YES | |
| stream-negotiation-complete | Do not consider the stream negotiation process to be complete until the receiving entity sends a stream features advertisement that is empty or that contains only voluntary-to-negotiate features. | YES | YES | |
| stream-negotiation-features | Send stream features after sending a response stream header. | N/A | YES | |
| stream-negotiation-restart | Consider the previous stream to be replaced upon negotiation of a stream feature that necessitates a stream restart, and send or receive a new initial stream header after negotiation of such a stream feature. | YES | YES | |
| stream-reconnect | Reconnect with exponential backoff if a TCP connection is terminated unexpectedly. | NO | NO | |
| stream-tcp-binding | Bind an XML stream to a TCP connection. | YES | YES | |
| tls-certs | Check the identity specified in a certificate that is presented during TLS negotiation. | partial | NO | Only OtherName/DNS and CommonName fields (Python API limitation, workaround coming soon) |
| tls-mtn | Consider TLS as mandatory-to-negotiate if STARTTLS is the only feature advertised or if the STARTTLS feature advertisement includes an empty <required/> element. | YES | YES | |
| tls-restart | Initiate or handle a stream restart after TLS negotiation. | YES | NO | |
| tls-support | Support Transport Layer Security for stream encryption. | YES | NO | |
| tls-correlate | When validating a certificate presented by a stream peer during TLS negotiation, correlate the validated identity with the 'from' address (if any) of the stream header it received from the peer. | |||
| xml-namespace-content-client | Support 'jabber:client' as a content namespace. | YES | YES | |
| xml-namespace-content-server | Support 'jabber:server' as a content namespace. | N/A | NO | |
| xml-namespace-streams-declaration | Ensure that there is a namespace declaration for the 'http://etherx.jabber.org/streams' namespace. | YES | YES | |
| xml-namespace-streams-prefix | Ensure that all elements qualified by the 'http://etherx.jabber.org/streams' namespace are prefixed by the prefix (if any) defined in the namespace declaration. | YES | YES | |
| xml-restriction-comment | Do not generate or accept XML comments. | partial | partial | Does not generate comments, but will accept them (and ignore) |
| xml-restriction-dtd | Do not generate or accept internal or external DTD subsets. | partial | partial | Does not generate DTD, but may accept them (and ignore) |
| xml-restriction-pi | Do not generate or accept XML processing instructions. | partial | partial | Does not generate PI, but may accept them (and ignore) |
| xml-restriction-ref | Do not generate or accept internal or external entity references with the exception of the predefined entities. | |||
| xml-wellformed-xml | Do not generate or accept data that is not XML-well-formed. | YES | YES | |
| xml-wellformed-ns | Do not generate or accept data that is not namespace-well-formed. | YES | YES |