[Standards-JIG] Re: MUC presence issues
Ian Paterson
ian.paterson at clientside.co.uk
Fri Oct 6 09:30:29 CDT 2006
Magnus Henoch wrote:
> How about saying that a server must bounce messages of type
> "groupchat" instead of putting them in offline storage? In that way,
> the MUC service will know almost as much as the server about dead
> clients.
>
> It seems to me that this doesn't cause any privacy problems that were
> not already present; you could try to use this to try to find out
> whether a particular resource is online, but you can use iq:version
> for the same purpose, and the client would need to defend itself in
> the same way.
>
Compliant clients SHOULD be defending their users against iq:version
presence leaks (and many more). But clients could not defend their users
against the server presence leak you suggested!
- Ian