[Standards] [Fwd: [Council] meeting minutes, 2007-05-16]
Kevin Smith
kevin at kismith.co.uk
Sat May 19 04:20:23 CDT 2007
On 19 May 2007, at 04:34, Rachel Blackman wrote:
> Consider a <message/> from someone not on your list (it happens,
> after all). This <message/> stanza contains caps bits (which can,
> after all, be put in a message to someone not on your contact
> list). You don't have one particular caps#ext node cached, so you
> send a disco query to them...
>
> ...and it gets rejected. You are sad, for now you do not know that
> the two of you can voice chat. Woe. :'(
This is one of the examples of why it's good to send directed
presence when you start a session with someone.
Generally, I agree with Justin about this; bouncing iqs from
untrusted sources would solve a bunch of problems with presence
leaks. I think the other option (pick a resource pseudo-randomly so
the other contact won't be able to guess it) sounds quite a lot like
security through obscurity.
/K
--
Kevin Smith
Psi XMPP client project leader - http://psi-im.org
More information about the Standards
mailing list