[Standards-JIG] Re: Re: Proposal for a solution to transport rosters

Nolan Eakins sneakin at semanticgap.com
Mon Sep 6 06:09:33 UTC 2004

maqi at jabberstudio.org wrote:
> On Sun, 5 Sep 2004, James Bunton wrote:
> Typically, a user already expresses his trust in a transport as soon as he
> acks the transport's subscription request. Even in the case the user
> accidentally accepted a subscription request of a malicious server, the
> real damage this server can do then is about zero as it only can
> insert/remove contacts with the malicious server's host JID part. There
> are simpler ways to annoy Jabber users ;-).

As soon as you register with a transport you've expressed quite a bit of
trust in it. It wouldn't take much for a malicious transport to log your
AIM screenname and password, and then do whatever it pleases with it. If
you want trust, I would suggest sticking to transports connected to the
server you're connected to.

- Nolan
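
The restriction described in the quoted message (a transport can only insert or remove contacts under its own host JID part) depends on the server comparing host parts exactly. The sketch below is an added example, not part of the original post or of any proposal text; the function names, the `aim.example.org` transport and the sample JIDs are constructed for illustration.

```python
# Added example: accept a transport's roster change only if the contact's
# host part equals the transport's host. All names and JIDs are constructed.

def split_jid(jid):
    """Split a JID into (node, domain, resource), domain lowercased."""
    # The resource is everything after the FIRST '/', and may itself
    # contain '@' or '/', so it must be cut off before looking for '@'.
    bare, _, resource = jid.partition("/")
    if "@" in bare:
        node, domain = bare.split("@", 1)
    else:
        node, domain = "", bare
    domain = domain.rstrip(".").lower()   # hostnames compare case-insensitively
    if not domain or "@" in domain:
        raise ValueError("malformed JID: %r" % jid)
    return node, domain, resource

def allowed_roster_changes(transport_jid, items):
    """Partition proposed roster JIDs into (accepted, rejected)."""
    _, host, _ = split_jid(transport_jid)
    accepted, rejected = [], []
    for item in items:
        try:
            _, domain, _ = split_jid(item)
        except ValueError:
            rejected.append(item)
            continue
        # Exact match only: a suffix or substring test would let
        # "aim.example.org.evil.test" pass as "aim.example.org".
        (accepted if domain == host else rejected).append(item)
    return accepted, rejected

# Constructed sample input
TRANSPORT = "aim.example.org"
PROPOSED = [
    "buddy123@aim.example.org",          # transport's own host
    "Buddy@AIM.Example.Org/home",        # same host, different case
    "friend@jabber.example.org",         # another host on the same server
    "boss@aim.example.org.evil.test",    # lookalike with the host as prefix
    "x@evil.test/a@aim.example.org",     # transport host hidden in resource
    "@",                                 # malformed
]

if __name__ == "__main__":
    ok, bad = allowed_roster_changes(TRANSPORT, PROPOSED)
    print("accepted:", ok)
    print("rejected:", bad)
```

This check bounds roster changes only; it has no bearing on the legacy-network credentials a user hands over at registration, which is the concern raised in the reply.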


