[standards-jig] Discussion on JEP-0016: Server-Based Privacy Rules

Dave Smith dizzyd at jabber.org
Sat Jan 19 16:18:42 UTC 2002


On Fri, Jan 18, 2002 at 11:20:22PM -0500, mlin at mlin.net wrote:
> So the real question I have is that if, as you say, we accept that the 
> blocking mechanism is just a virtualization that is trivial to circumvent, 
> is it necessary to have a transport-layer facility for it? What real 

Huh?! In all the Jabber servers that I'm aware of, packets inbound from
other hosts _must_ go through some sort of session state manager. As
such, it is non-trivial to circumvent blacklisting -- and there's
certainly no need to implement the blacklisting at the transport layer.

> advantage, weighed against the additional computational cost to the 
> server, does doing this on the server side provide vs. simply ignoring the 
> packets in the UI and denying presence subscription? I guess you can make 

*sigh*. Moving computation load out to the fringe of the network is not
always the Right Way to increase scalability. Sometimes, you have to
take a (so-called) scalability hit to increase functionality. In this
case, I don't believe that blacklisting significantly increases the load
on the server. Even if it does, the server that you run doesn't
necessarily have to provide that capability -- you can just make client
who use your server do the filtering themselves. 

> bandwidth and thin client arguments...but these are always weak arguments 
> IMHO.

Well, you aren't deploying multi-million dollar wireless systems based
on Jabber, are you? :) 

> From the historical perspective, I think that if the "server-side 
> user-level block" were really a viable way to solve any real problems, we 
> would see it in sendmail and IMAP/POP, which we eminently do not.

Nonsense. Just because it hasn't been done before doesn't make it a bad idea.

What is most important about this JEP, is not scalability impacts -- it
is the standardization of how sever-side blacklisting will be done. The
fact of the matter is that I know several very large companies who are
deploying Jabber and most (if not all) have asked for server-side
blacklisting. For better or worse, blacklisting will happen on the
server.

Diz




More information about the Standards mailing list