[standards-jig] Security problems with JEP-115

Peter Saint-Andre stpeter at jabber.org
Wed Sep 17 20:18:19 UTC 2003


On Wed, Sep 17, 2003 at 01:41:22PM -0600, Peter Millard wrote:

> Some clients are going to lie, and maybe even allow users to pick what their
> client advertises itself as (like Konquerer and other web browsers do); however,
> do we really care about this slim minority. At the minimum a mention of this
> should be included in the security section.
> 
> FWIW, if a user doesn't want to advertise what client they are using, they
> should be able to turn OFF this broadcast, not just spoof it.

This should be added to the security considerations as well. 

I will confer with Joe Hildebrand about wording when returns from his 
current travels.

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.php




More information about the Standards mailing list