[jdev] Presence leak test suite
stpeter at stpeter.im
Wed Jul 9 11:51:52 CDT 2008
Alexey Nezhdanov wrote:
> On Wednesday 09 July 2008 20:33:32 Peter Saint-Andre wrote:
>> Justin Karneges wrote:
>>> On Wednesday 09 July 2008 07:55:58 Kevin Smith wrote:
>>>> On Wed, Jul 9, 2008 at 3:46 PM, Peter Saint-Andre <stpeter at stpeter.im>
>>>>>>> you also test presence leaks using guessed well-known resources like
>>>>>>> client names (Psi, Gajim, Miranda, QIP, Adium etc.) or places (Home,
>>>>>>> Work, School etc.)? I think it could push client authors to use
>>>>>>> random-generated resource names.
>>>>>> I don't understand why this would be something we'd want to push for.
>>>>> Because some people are paranoid?
>>>> Paranoid people can use as random a resource as they want to - it
>>>> doesn't mean the rest of us need to :)
>>> And a random resource isn't necessary anyway, just good privacy control
>>> on the server. (/me still wants a server that will bounce all iqs from
>>> people who don't have his presence.)
>> Including directed presence?
> Why does it matter? Either someone got my presence or he didn't.
> So he either can query my client for something or he can't.
> If I am not mistaken - server remembers all presences that it sent to peers so
> when client disconnects - server automatically send offline presences
> everywhere it needs to. That of cource includes directed presences.
My point is that the server can't just check the suubscription state in
the roster. Also it introduces a good argument for my proposed best
practice of sharing presence for ad-hoc chats/interactions:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
More information about the JDev