[Standards-JIG] Re: Proposal for a solution to transport rosters

maqi at jabberstudio.org maqi at jabberstudio.org
Sun Sep 5 11:40:58 UTC 2004


On Sun, 5 Sep 2004, James Bunton wrote:

>> Even if you want to go the Informational JEP route, I still think modifying
>> the server would be worthwhile.  Just give a patch to Matthias, and release
>> jabberd 1.4.4.  It shouldn't be that difficult.
> I don't understand why modifying the server would be useful.

Because we don't need to modify the clients then ;-).

> The user needs to give permission for the roster import to go ahead

Typically, a user already expresses his trust in a transport as soon as he
acks the transport's subscription request. Even in the case the user
accidentally accepted a subscription request of a malicious server, the
real damage this server can do then is about zero as it only can
insert/remove contacts with the malicious server's host JID part. There
are simpler ways to annoy Jabber users ;-).

Regards



More information about the Standards mailing list