[Council] meeting agenda, 2005-11-30

Ian Paterson ian.paterson at clientside.co.uk
Wed Nov 30 07:14:41 CST 2005

Hi guys,

Although I'm OK with all the changes to Disco, there are points I'd like
to raise:

1. Is the behaviour described in lines 295 and 423 (see CVS diff link
below) only for cases where bare JIDs are queried without a node? If so,
perhaps those paragraphs should make that clear? The door will then be
left open for future JEPs to specify different (optional) server
behaviours when specific nodes of bare JIDs are queried. JEP-0030 could
specify what the server should do if it receives a bare JID query for a
node it does not understand.

2. I'd like the JEP to specify what a server should do when it receives
a *disco#items* request for an account that does not exist from an
entity that is not explicitly trusted (e.g., a server in a trusted
network). To prevent directory harvest attacks, that should be an empty
result set. (I'm concerned that unless this is made explicit, some
implementations may respond with a <service-unavailable/> error whenever
an account doesn't exist.)

3. For my information only, why was this 'informative' phrase inserted?
"although the primary use of nodes is as Items Nodes rather than as info
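The behaviour requested in point 2, sketched as an added example (not part of the original message and not code from any XMPP server). The account table, the trusted-domain set, the `handle_disco_items` and `probe` names, the error returned to trusted requesters, and the choice to give untrusted requesters the same empty result for accounts that do exist are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DISCO_ITEMS = "http://jabber.org/protocol/disco#items"
STANZAS = "urn:ietf:params:xml:ns:xmpp-stanzas"

# Constructed sample data: account -> items, and the trusted requester domains.
ACCOUNTS = {"juliet@example.org": [("juliet@example.org/balcony", "Balcony")]}
TRUSTED = {"partner.example.net"}


def handle_disco_items(iq_xml):
    """Answer a disco#items IQ-get addressed to a bare JID (no node)."""
    iq = ET.fromstring(iq_xml)
    requester, target = iq.get("from"), iq.get("to")
    domain = requester.split("/")[0].split("@")[-1]
    trusted = domain in TRUSTED
    exists = target in ACCOUNTS

    reply = ET.Element("iq", {"from": target, "to": requester, "id": iq.get("id")})
    if trusted and not exists:
        # Assumption: a trusted peer may learn that the account is missing.
        reply.set("type", "error")
        err = ET.SubElement(reply, "error", {"type": "cancel"})
        ET.SubElement(err, "{%s}service-unavailable" % STANZAS)
        return reply
    reply.set("type", "result")
    query = ET.SubElement(reply, "{%s}query" % DISCO_ITEMS)
    if trusted:
        for jid, name in ACCOUNTS[target]:
            ET.SubElement(query, "{%s}item" % DISCO_ITEMS, {"jid": jid, "name": name})
    # Untrusted requesters fall through with an empty <query/>, whether or
    # not the account exists, so the two cases cannot be told apart.
    return reply


def probe(requester, target):
    """Build a request, run the handler, return (reply type, item count)."""
    req = "<iq type='get' from='%s' to='%s' id='d1'><query xmlns='%s'/></iq>" % (
        requester, target, DISCO_ITEMS)
    reply = handle_disco_items(req)
    return reply.get("type"), len(reply.findall(".//{%s}item" % DISCO_ITEMS))


if __name__ == "__main__":
    for who in ("scanner@unknown.example/x", "romeo@partner.example.net/orchard"):
        for account in ("juliet@example.org", "nobody@example.org"):
            print(who, account, probe(who, account))
```

An untrusted requester sees `("result", 0)` for both the real and the missing account, which is the property that defeats harvesting; an error returned only for missing accounts would act as an existence oracle.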