[standards-jig] JEP:0015 Account Transfer

David Waite mass at akuma.org
Thu Jan 24 02:49:15 UTC 2002


----- Original Message -----
>From: "Casey Crabb" <debug at nafai.dyndns.org>
> The part that I don't see how to do with a custom account-transfer
> client is telling people who are subscribed to your presence to change
> their pointers without user intervention. If there is a way to do this
> pre-existing in the protocol the rest should be relatively easy. How can
> you update someone else's roster to change your old jid to your new jid?

The real question is - how do you do this securely? Imagine someone hacking
a server, and transferring every user account to a different server. Now,
imagine this is transparent to users on both this and other servers, and
thus they don't even know that they are now talking to a different person
than they were before.

There are technical reasons why implementing account transfers is hard - but
the difficulty in doing it in a manner that couldn't be exploited is the
reason there is no automated way to do it.

-David Waite




More information about the Standards mailing list