[Standards] PubSub Security considerations

Brian Cully bcully at gmail.com
Thu Jun 11 18:20:46 CDT 2009


On Jun 11, 2009, at 11:31, Nicolas Vérité <nicolas.verite at process-one.n 
et> wrote:

> Dear all,
>
> In the "Security considerations" section of the PubSub spec, shouldn't
> we warn of the possible presence leaks, since subscribers (possibly
> not in the user's roster) are instantly notified of a user's
> publication?

Agreed. This is a subtle condition and should probably be called out.


More information about the Standards mailing list