[standards-jig] Discussion on JEP-0016: Server-Based Privacy Rules

mlin at mlin.net mlin at mlin.net
Sun Jan 20 03:33:31 UTC 2002

ten 100K packets that you are trying to block is a denial of service 
attack. any halfway competent attacker will make up a new username. yikes 

will think about whitelists more carefully tomorrow.


"Peter Millard" <me at pgmillard.com>
Sent by: standards-jig-admin at jabber.org
01/19/2003 09:34 PM
Please respond to standards-jig

        To:     <standards-jig at jabber.org>
        Subject:        Re: [standards-jig] Discussion on JEP-0016: Server-Based Privacy Rules

mflin wrote:

> If you go back and read the earlier messages, x-virge and I both point 
> that the blacklist is trivial to circumvent. Make up a new username or
> cycle the DHCP on your local server, and you have a new JID to play 
> In this sense, the feature is just a virtualization and it is irrelevant
> whether it is performed on the client or the server. The bandwidth
> argument fails because the blacklist can be circumvented so easily 
> way.

I would totally agree that a simple blacklist mechanism can easily be
circumvented, but a whitelist can not. However, if I block some loser kid
who is sending me msgs, or a spammer, they are unlikely to get a new 
just because they are getting bounced messages from me.

Perhaps you don't realize the full extent of the bandwidth issue because
you're not working with super thin clients.. Imagine someone I blocked
sending me ten 100K packets to my pager, or my cell phone. YIKES!

Peter M.
