[standards-jig] JEP:0015 Account Transfer

Iain Shigeoka iainshigeoka at yahoo.com
Fri Jan 25 16:39:46 UTC 2002

On 1/24/02 12:14 PM, "Casey Crabb" <debug at nafai.dyndns.org> wrote:

> On Thu, 2002-01-24 at 15:13, Iain Shigeoka wrote:
>> Am I making sense or am I missing it?
> Yes; because you need to have an account on newserver before you can
> transfer the account. Both the oldaccount and newaccount must pre-exist
> before transferring. The account transfer does not create new accounts.
> Therefore the DOS is really in allowing new accounts to be created on

Ah.  I see.  For some odd reason that part didn't register with me.  I was a
bit fixated on the JEP.  This requirement of newaccount already existing
significantly reduces the scope of what the transfer protocol does.  It
doesn't seem to be much of a threat.  :)

However, the JEP does not specify the protocol that way.  It definitely has
newaccount created on the server by the server hosting newaccount.  Thus the
old server is creating accounts on other servers, then transferring the
account.  I'll quote from the first line in the Protocol Example section:

The server would then try to go and create that account. If successful in
creating that account then it first transfers the roster of...

The JEP specifies that the server is doing everything, including creating the
new account on the new server.  This creates the threat that I was worried
about.  If the process is as you state (the client must create a new account
on the new server, then have the old server transfer the account contents to
the new server) I think you need to edit the JEP to match...

Although without completely automating the process, the transfer protocol's
scope is greatly reduced and starts to bring up the question of whether it's
worth it to make a standard protocol for it.  A client could do the same
without any new protocol...

