As previously mentioned, we are working to update the core XMPP specifications by incorporating feedback based on the significant implementation and deployment experience with XMPP technologies we have gained since RFC 3920 and RFC 3921 were published in October, 2004. To date we have expected the revised versions to advance XMPP to a status of Draft Standard within the Internet Standards Process managed by the IETF. However, it seems that we overlooked some of the rules from RFC 2026, specifically that “standards track specifications normally must not depend on other standards track specifications which are at a lower maturity level”. What this means is that the XMPP specifications will not be able to advance to Draft until the specs defining IETF technologies on which XMPP depends also advance to Draft (i.e., until there are no more downward references or “downrefs”).
Unfortunately, the XMPP specs have many downrefs, including the following:
- RFC 2743: Generic Security Service Application Program Interface Version 2, Update 1
- RFC 2782: A DNS RR for specifying the location of services (DNS SRV)
- RFC 2831: Using Digest Authentication as a SASL Mechanism
- RFC 3280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- RFC 3454: Preparation of Internationalized Strings (“stringprep”)
- RFC 3490: Internationalizing Domain Names in Applications (IDNA)
- RFC 3491: Nameprep: A Stringprep Profile for Internationalized Domain Names (IDN)
- RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace
- RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1
- RFC 4422: Simple Authentication and Security Layer (SASL)
- RFC 4648: The Base16, Base32, and Base64 Data Encodings
Given the serious number of significant downrefs, I think it’s unrealistic for us to expect advancement of XMPP to Draft Standard anytime soon. It appears that the best we can do is update the XMPP specs as we have been doing, resulting in revised specifications that reflect our community’s implementation and deployment experience but that are still at the Proposed Standard level.