[Security] Reminder :: Draft feedback on "C2C authentication using TLS"
melo at simplicidade.org
Tue Aug 26 04:23:35 CDT 2008
On Aug 25, 2008, at 10:18 PM, Dirk Meyer wrote:
> Pedro Melo wrote:
>> I think you should list all that have a chance of completing
>> successfully. If my client support GPG but I didn't gave it my key,
>> should not announce it.
>> And yes, as along as no personal, per-user information is sent on the
>> disco#info replies, caps caching should be ok.
> But if your client does not support GPG because it does not have the
> key, isn't that user specific. How do clients handle plugins? I mean
> many clients support plugins. If we both have the same clients with
> the same version but I have a plugin installed with a feature you do
> not have, how does caps caching work? Or are plugins added to the ver
The hash will be calculated based on features that you advertise, so a
different set of plugins will give a different hash.
So different set of plugins will be a "different client". But all
clients with the same set of plugins will still hit the cache.
XMPP ID: melo at simplicidade.org
More information about the Security