[Standards-JIG] how to handle IQ while invisible

[Peter Saint-Andre]

Mridul wrote:
> 
> Peter Saint-Andre wrote:
>> Richard Dobson wrote:
>>   
>>> Le Boulanger Yann wrote:
>>>     
>>>> when I ask jabber:iq:version to a contact that is invisible, request is
>>>> forwarded to the client. I think it's normal as ejabberd can't know that
>>>> someone is invisible (it's just a privacy list), but what should his
>>>> client do ?
>>>> If it just doesn't answer, I can know he is invisble (if he were really
>>>> offline server would have answerd with a recipient-unavailable error
>>>> message)
>>>>
>>>> the only solution for the client would be to ask server to reply instead
>>>> of the client.
>>>>
>>>> it's of course the same thing for others iq.
>>>>
>>>> So invisible privacy list is useless, it's easy to discover who is
>>>> invisible (ok we need to know the resource, but it's not too hard, it
>>>> never changes)
>>>>       
>>> Why couldnt the client respond with recipient unavailable, just as the
>>> server would?
>>>     
>> http://www.jabber.org/jeps/jep-0186.html#security discusses this.
>>
>> Peter
>>
>>   
> 
> 
> 
> Hi,
> 
>   This is a difference in behavior according to this JEP right ?
> I mean, between an unavailable client and an invisible client.
> 
> Not just for iq , but also for the case of messages when amp is also in
> use , etc.
> So essentially , it might be possible for userA to find out if userB is
> unavailable or invisible using these ..
> Or I am getting the idea wrong ?

The idea is that they should be the same. I'll have to look at it more
to make sure that we're not leaking presence.

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/standards/attachments/20060822/bf053c2c/smime.bin