[standards-jig] Security problems with JEP-115
stpeter at jabber.org
Wed Sep 17 20:18:19 UTC 2003
On Wed, Sep 17, 2003 at 01:41:22PM -0600, Peter Millard wrote:
> Some clients are going to lie, and maybe even allow users to pick what their
> client advertises itself as (like Konquerer and other web browsers do); however,
> do we really care about this slim minority. At the minimum a mention of this
> should be included in the security section.
> FWIW, if a user doesn't want to advertise what client they are using, they
> should be able to turn OFF this broadcast, not just spoof it.
This should be added to the security considerations as well.
I will confer with Joe Hildebrand about wording when returns from his
Jabber Software Foundation
More information about the Standards