[Standards-JIG] Reason for subscription/unsubscription

David Yitzchak Cohen lists+jabber_standards at bigfatdave.com
Fri Jun 18 08:20:18 UTC 2004


On Tue, Jun 15, 2004 at 08:31:18AM EDT, Jacek Konieczny wrote:
> On Tue, Jun 15, 2004 at 02:17:12PM +0200, CORVOYSIER David FTRD/DMI/REN wrote:

> > There seemed to be in the past a way to provide a reason for
> > subscription/unsubscription using the <status> tag. However, in XMPP-IM,
> > it is stated that it should only be allowed for historical reasons:
> [...]
> > 
> > I am not very concerned about being "historical" unless it gets
> > deprecated soon, so:
> > - Is there a more up-to-date way to specify a reason for
> > subscription/unsubscription ?
> > - Has someone plans to define something ? 
> 
> The "reason" may be (and IMHO _will_be_ if still supported by clients)
> abused by spammers. Messages for unknown people may be easily blocked
> using privacy list, but blocking "reasons" (for spammers they
> are no worse than regular messages) is not possible without blocking all
> subscription requests.

You can block subscription requests (or even better, queue them up
somewhere, and let the user browse them all en masse) from unknown people
just the same as blocking messages from unknown people.

> Even if <status/> is not allowed in <presence/> reason of a request may
> be sent in separate <message/> -- the recipient will choose if he wants
> messages from people not in his roster or not.

Sending a separate <message/> to specify the reason for a subscription
request physically separates the subscription request from its reason
without any general way for a client on the other end to reconstruct
the logical connection between the two.  That's Just Plain Bad (TM) :-(

Not only that, but because other IM systems (ICQ, for instance) allow
you to tell a guy why you're asking for a subscription to his presence,
we're destroying functionality that's essential for interoperation.
("I'm sorry, Sir, but Jabber simply doesn't support authorization
request reasons.")

Finally, it's worth noting that blocking SPAM by blocking
reasons is not a viable strategy, since even a rookie SPAMmer
can fool the system: "You've received a subscription request from
come_to_bigfatdave.com_and_win_a_million_dollars_free at bigfatdave.com!
Would you like to authorize this request?"

...so we haven't defeated the SPAMmers, but we have defeated ICQ
interoperability, and we've ambiguated the protocol (since we now don't
know whether a <message/> is _really_ a message, or whether it's meant
to be the reason for a subscription request ... AI clients will try to
solve that ambiguity by trying to "guess," and we already know that the
result won't be perfect) ... but at the end of the day, we haven't even
defeated the blasted SPAMmers, so what have we gained?

Just my two cents,
 - Dave

-- 
Uncle Cosmo, why do they call this a word processor?
It's simple, Skyler.  You've seen what food processors do to food, right?

Please visit this link:
http://rotter.net/israel
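
The queueing approach suggested in the message above, as an added example that is not part of the original post or of any Jabber project's code: subscription requests from unknown senders are held for batch review with their `<status/>` reason still attached, while a separate `<message/>` from the same stranger cannot be tied back to the request. The function `triage`, the `known_contacts` set and all JIDs are hypothetical, and the stanzas are constructed samples.

```python
import xml.etree.ElementTree as ET

NS = "{jabber:client}"
# Constructed sample stanzas, not captured traffic.
SAMPLE = [
    "<presence xmlns='jabber:client' from='anna@example.org/home' type='subscribe'>"
    "<status>It's Anna, new account</status></presence>",
    "<presence xmlns='jabber:client' from='stranger@example.com' type='subscribe'>"
    "<status>We met at the conference</status></presence>",
    "<presence xmlns='jabber:client' from='win_a_prize_free@example.com' type='subscribe'/>",
    "<message xmlns='jabber:client' from='stranger@example.com'>"
    "<body>Please add me</body></message>",
]

def bare_jid(jid):
    """Drop the resource part and lower-case for comparison."""
    return jid.split("/", 1)[0].lower()

def triage(stanzas, known_contacts):
    """Sort inbound stanzas into prompt-now, held-for-review and dropped.

    known_contacts is an assumed allow list of bare JIDs. Messages from
    known senders are delivered normally and are not recorded here.
    """
    result = {"prompt": [], "held": [], "dropped": []}
    for raw in stanzas:
        el = ET.fromstring(raw)
        sender = bare_jid(el.get("from", ""))
        known = sender in known_contacts
        if el.tag == NS + "presence" and el.get("type") == "subscribe":
            # The reason travels inside the request, so it stays attached to it.
            reason = el.findtext(NS + "status")
            result["prompt" if known else "held"].append((sender, reason))
        elif el.tag == NS + "message" and not known:
            # Nothing in this stanza links it to a pending request, so it is
            # treated as an ordinary message from a stranger.
            result["dropped"].append((sender, el.findtext(NS + "body")))
    return result

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE, {"anna@example.org"}).items():
        print(bucket, items)
```

The third request carries no reason at all, yet its JID still shows its text to whoever reviews the held queue, which is why holding requests from unknown senders does more than stripping reasons.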