[Standards] [Fwd: [Council] meeting minutes, 2007-05-16]
Ian Paterson
ian.paterson at clientside.co.uk
Sat May 19 03:14:15 CDT 2007
Peter Saint-Andre wrote:
> Better, I think, to randomize the resource identifiers. That makes the
> attack a lot harder, and it is something that's under the user's
> control (just use a client that randomizes the resource identifiers).
Yes, you're right. 3920bis should strongly recommend random resource
identifiers.

We agree we typically can't protect presence by encouraging clients to
imitate servers (because we don't want to require canonicalization). So
I think we should avoid giving clients that do not use random resources
a false sense of security, i.e. we should remove all statements similar
to the one below from all RFCs and XEPs:
> How is this for text in the Security Considerations?
>
> ******
>
[snip]
> If a connected resource receives a ping request but it does not want
> to reveal its network availability to the sender for any reason (e.g.,
> because the sender is not authorized to know the connected resource's
> availability), then it too MUST reply with a <service-unavailable/>
> error. This consistency between the server response and the client
> response helps to prevent presence leaks.
>
> ******
- Ian