[Standards-JIG] Re: Proposal for a solution to transport rosters

Magnus Henoch mange at freemail.hu
Sun Sep 5 12:37:45 UTC 2004


maqi at jabberstudio.org writes:

> On Sun, 5 Sep 2004, Magnus Henoch wrote:
>> 4b. User's client supports this protocol.  User's client includes
>> either <import/> or <no-import/> element in response.
>> <presence from="juliet at capulet.com/balcony" to="msn.capulet.com"
>>   type="subscribed">
>>   <no-import xmlns="http://jabber.org/protocol/import"/>
>> </presence>
>
> I don't think in practice there's a situation for which a user says "Ok,
> this transports may subscribe to my presence, but I don't trust it really
> so I don't grant import capabilities".

True.  My thought was
import_privileges = server_trusts_transport ? !user_deny : user_approve;
but maybe being able to deny is overkill.

Being able to deny untrusted transports is essential, as any entity
could send such a presence stanza, but that could be signalled by the
absence of an <import/> element.

>> What do you think about this?
>
> I think this is too complicated. Also, I don't see the real benefit (or
> did I misunderstand anything?).

This is more complicated than James' proposal, but on the other hand
it puts this complication on the server and the transport, instead of
on the client.  No client modification is necessary, except to approve
remote transports.  It also avoids a roundtrip, as imported contacts
don't have to be sent first to the client, and then back to the
server.

Magnus




More information about the Standards mailing list