[jdev] Presence leak test suite

Peter Saint-Andre stpeter at stpeter.im
Wed Jul 9 11:51:52 CDT 2008

Alexey Nezhdanov wrote:
> On Wednesday 09 July 2008 20:33:32 Peter Saint-Andre wrote:
>> Justin Karneges wrote:
>>> On Wednesday 09 July 2008 07:55:58 Kevin Smith wrote:
>>>> On Wed, Jul 9, 2008 at 3:46 PM, Peter Saint-Andre <stpeter at stpeter.im>
>>> wrote:
>>>>>>> you also test presence leaks using guessed well-known resources like
>>>>>>> client names (Psi, Gajim, Miranda, QIP, Adium etc.) or places (Home,
>>>>>>> Work, School etc.)? I think it could push client authors to use
>>>>>>> random-generated resource names.
>>>>>> I don't understand why this would be something we'd want to push for.
>>>>> Because some people are paranoid?
>>>> Paranoid people can use as random a resource as they want to - it
>>>> doesn't mean the rest of us need to :)
>>> And a random resource isn't necessary anyway, just good privacy control
>>> on the server.  (/me still wants a server that will bounce all iqs from
>>> people who don't have his presence.)
>> Including directed presence?
> Why does it matter? Either someone got my presence or he didn't.
> So he either can query my client for something or he can't.
> If I am not mistaken - server remembers all presences that it sent to peers so 
> when client disconnects - server automatically send offline presences 
> everywhere it needs to. That of cource includes directed presences.

My point is that the server can't just check the suubscription state in 
the roster. Also it introduces a good argument for my proposed best 
practice of sharing presence for ad-hoc chats/interactions:



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20080709/1264092d/attachment-0002.bin>

More information about the JDev mailing list