[Security] Reminder :: Draft feedback on "C2C authentication using TLS"

Pedro Melo melo at simplicidade.org
Tue Aug 26 04:23:35 CDT 2008


Hi,

On Aug 25, 2008, at 10:18 PM, Dirk Meyer wrote:

> Pedro Melo wrote:
>> I think you should list all that have a chance of completing
>> successfully. If my client support GPG but I didn't gave it my key,  
>> he
>> should not announce it.
>>
>> And yes, as along as no personal, per-user information is sent on the
>> disco#info replies, caps caching should be ok.
>
> But if your client does not support GPG because it does not have the
> key, isn't that user specific. How do clients handle plugins? I mean
> many clients support plugins. If we both have the same clients with
> the same version but I have a plugin installed with a feature you do
> not have, how does caps caching work? Or are plugins added to the ver
> hash?

The hash will be calculated based on features that you advertise, so a  
different set of plugins will give a different hash.

So different set of plugins will be a "different client". But all  
clients with the same set of plugins will still hit the cache.

Best regards,
-- 
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: melo at simplicidade.org
Use XMPP!




More information about the Security mailing list