[Standards] Re: [jdev] XEP-0115: Entity Capabilities
Sergei Golovan
sgolovan at nes.ru
Wed Jun 27 04:51:44 CDT 2007
On 6/27/07, Richard Dobson <richard at dobson-i.net> wrote:
> Personally I think the easiest solution to the perceived "security"
> issue (personally I'm not convinced you can really call it a true security

If user1 is able to break my communications with user2 (by fooling my
client with incorrect capabilities) without requiring my approval I
would call this a security issue.

> issue) is if you are going to create a long lived cache (i.e. on disk or
> such like) that before you decide on your definitive value to cache
> generically (i.e. client/ver) that you use the results from several
> different JIDs (e.g. 3 or 5 or something) and compare them, if they are

There could be a problem with filling the cache with incorrect
information about not-released-yet versions of some client. After the
actual release users will be surprised. (Though this issue arises only
if the cache is persistent.)

> all the same it should be pretty safe to create a generic cache for that
> tuple of client and version, if they don't all agree then you can then
> consider those results as potentially poisoned or buggy and cache using
> the jid/client/version tuple instead, simple and easy, no need to get
> all het up about it.

Looks not 'simple and easy'...
Best wishes!
--
Sergei Golovan
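
The caching scheme debated in this message, as an added example that is not code from the thread, from XEP-0115 or from any client. `CapsCache`, `QUORUM`, `record` and `lookup` are hypothetical names; counting one vote per bare JID and dropping the generic entry on any later disagreement are assumptions of this sketch.

```python
from collections import defaultdict

QUORUM = 3  # the quoted proposal suggests "3 or 5 or something"


class CapsCache:
    def __init__(self, quorum=QUORUM):
        self.quorum = quorum
        self.generic = {}                 # (client, ver) -> features, used for any JID
        self.per_jid = {}                 # (jid, client, ver) -> features, that JID only
        self.pending = defaultdict(dict)  # (client, ver) -> {bare JID: features}
        self.tainted = set()              # (client, ver) tuples that showed disagreement

    def record(self, jid, client, ver, features):
        """Store a disco#info result that `jid` itself returned."""
        key, feats = (client, ver), frozenset(features)
        self.per_jid[(jid, client, ver)] = feats
        if key in self.tainted:
            return
        seen = self.pending[key]
        seen[jid.split("/")[0]] = feats   # assumption: one vote per bare JID
        if len(set(seen.values())) > 1:   # results differ: poisoned or buggy
            self.tainted.add(key)
            self.generic.pop(key, None)
        elif len(seen) >= self.quorum:    # enough distinct JIDs agree
            self.generic[key] = feats

    def lookup(self, jid, client, ver):
        """Return cached features, or None if `jid` must be queried directly."""
        hit = self.per_jid.get((jid, client, ver))
        return hit if hit is not None else self.generic.get((client, ver))


def demo():
    cache = CapsCache()
    real = {"jabber:iq:version", "http://jabber.org/protocol/muc"}
    for n in range(3):                    # constructed sample data
        cache.record(f"user{n}@example.org/home", "exampleclient", "1.0", real)
    agreed = cache.lookup("new@example.org/x", "exampleclient", "1.0")
    # A fourth JID reports a different feature set for the same client/ver.
    cache.record("odd@example.net/x", "exampleclient", "1.0", {"jabber:iq:version"})
    after = cache.lookup("new@example.org/x", "exampleclient", "1.0")
    return agreed, after
```

The quorum counts JIDs only, so it does not by itself address the reply's concern about a persistent cache being filled for a client version that has not been released yet.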