[standards-jig] Discussion on JEP-0016: Server-Based Privacy Rules

Mike Lin mlin at mlin.net
Tue Jan 22 01:43:33 UTC 2002


DS: I see that I misread your original statement. Yes, people can
make up new JIDs that can then be used to bypass the previous blacklist.
In answer to this, I would suggest that we provide a whitelist
alternative that (for instance) woudl only allow presence subscription
requests through. This would be a giant step forward in solving the
"new-id" problem. Would it provide 100% converage? No. But it
(blacklisting/whitelisting) would provide a valuable feature that many
people have asked for.

ML: I will agree that whitelists are a viable solution to the problem
domain we have defined: elimination of unwanted packets transferred to a
bandwidth-limited device where the sources of all useful packets are
known in advance. I think that this is a much narrower problem domain
than JEP-0016 attempts to address, and moreover one that JEP-0016 does
not usefully address at all in its present form.

DS: Agreed. However, what is your proposition for testing the
We certainly can't stick it into only the .org server and make a
conclusion from that -- I can tell you from experience that the .org
server has a sufficient amount of other bottlenecks that it would be
next to impossisble to make a meaningful determination based on a
sampling of .org server only. I am open to testing it though.

ML: I will concede that my argument at this point is less about
scalability and more about simple ineffectiveness of the blacklist
"feature". That stated, I will offer a loose and informal suggestion -
surely you have run acid tests to max out JCS? Add the feature and see
what effect it has. At least from what I have seen here (I readily
concede I do not know much firsthand experience with scalability
testing) this is a common methodology to test LAMP
(Linux/Apache/MySQL/PHP), WebSphere, and the like. Obviously it requires
a nontrivial amount of equipment to max out a high speed connection and
a good server machine. I have not seen this done on jabberd personally
but surely devising such a test would be useful for the future.

DS: Hmm. I'm trying to not be so hasty as I was this morning (be like
Treebeard!). However, what I'm hearing is, "Let's not worry about
blacklisting since other people (who are smarter and richer) haven't
been able to solve it..." Are you saying something like that or...?

ML: This reexpression is not factually inaccurate but I think it is a
mischaraterization of what I am trying to say. Given infinite time and
engineering resources, it would be great to go out and solve all these
problems that have been unsolved by those without such divine powers,
and build a perfect system. We do not possess such infinite time and
resources. The corollary, then, is that we should not concern ourselves
with blacklisting because other people (who are smarter and richer)
haven't been able to solve it, and there are more important and more
apparently solvable problems on which we should be expending our limited
time and resources. I am merely advocating that we pick the
lowest-hanging fruit.

I do not object to JEP-0016 forcefully enough to vote it down in its
present form if it is really wanted so badly. I merely point out that
the "feature" is unnecessary and potentially counterproductive. I don't
mean to be trying to censor or otherwise hinder people who are working
on the old, really hard, largely unsolved problems. This work should
continue in the forums where it is appropriate. In the immediate term, I
think the window of opportunity is quickly closing for our community to
solve the new, pretty hard, but probably solvable problems (which I and
others have been describing on JDEV and JNG-JIG in the past few weeks)
before certain corporations that are more focused.

DS: I, for one, am very pro-black/white-listing  simply because it's a
that people have been asking for. Based on that, we should make a best
effort to provide the feature and move on. It may not be perfect, but it
will solve 80% of the problem.

ML: In any case I think my position is no more questionable than the
proposition that we should implement the blacklist feature because it
has been requested by a lot of people. In all likelihood, they have not
thought it through in the detail that we have here. I don't want to put
words in other people's mouths, but it seems that our discussion has
generated at least a tacit consensus among reasonable people that the
blacklist "feature", as proposed in JEP-0016, does not really achieve
anything more useful than can be done without it.


More information about the Standards mailing list