[Standards-JIG] privacy2 anti-SPIM proto-JEP

Peter Saint-Andre stpeter at jabber.org
Tue Aug 30 14:19:12 UTC 2005

Peter Saint-Andre wrote:

> I just chatted with Ian Paterson about it over IM (what a concept!) and 
> now that he has walked me through the reasoning, I think we probably do 
> need something like his "challenge" action for privacy lists.

Thinking about this some more, I realize that it is possible to define 
the challenge stuff without changing RFC 3921 except to modify the MUST 
NOT in the first paragraph of Section 10.4 to SHOULD NOT or MAY. What 
this enables us to do is to define a challenge-response system on top of 
privacy lists rather than making it part of privacy lists, thus 
minimizing changes to the RFCs (which is always a priority for me). So 
if I instruct my server to challenge senders who are not in my roster, 
that counts as "deny" in jabber:iq:privacy. However, the challenge 
protocol will define what the server must do on my behalf when denying 
the communication. Allow vs. deny is a simple boolean -- either deliver 
it to me or not. But if you don't deliver it, here's what to do 
(challenge the sender) as allowed by jabber:iq:privacy but defined in a 
separate protocol (http://jabber.org/protocol/challenge).


Peter Saint-Andre
Jabber Software Foundation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3511 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20050830/55e94bc7/attachment.bin>

More information about the Standards mailing list