[Security] Reminder :: Draft feedback on "C2C authentication using TLS"

Pedro Melo melo at simplicidade.org
Mon Aug 25 05:28:02 CDT 2008


On Aug 25, 2008, at 11:24 AM, Jonathan Schleifer wrote:

> Am 25.08.2008 um 12:17 schrieb Pedro Melo:
>
>> My point was not about the namespace (I just copied and pasted from  
>> the previous example) but making sure that we don't start placing  
>> per-user information on disco#info replies, something that will  
>> break Caps caching.
>
>
> I thought like this: We list all our client supports there. That  
> won't break caps caching. But we should NOT only list the one we  
> prefer there or something like that! We should list all we support.

I think you should list all that have a chance of completing  
successfully. If my client support GPG but I didn't gave it my key, he  
should not announce it.

And yes, as along as no personal, per-user information is sent on the  
disco#info replies, caps caching should be ok.

Best regards,
-- 
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: melo at simplicidade.org
Use XMPP!




More information about the Security mailing list