[Standards-JIG] proposed In-Band Registration revisions

Peter Saint-Andre stpeter at jabber.org
Thu Dec 8 17:54:48 UTC 2005


Vinod Panicker wrote:

> OK... considering a hypothetical scenario (which all of you must be
> sick of by now)
> 
> 1 - a at a.com unregisters herself from the server
> 2 - a.com removes a at a.com from all the rosters
> 3 - b at b.com has his girlfriend a at a.com in his roster
> 4 - when a.com is deleting roster entries for a at a.com, b.com is facing
> a network outage, so the presence stanza doesnt get thru
> 5 - result is that b at b.com still sees a at a.com in his roster
> 6 - the next day, b at b.com's wife snaps up the address a at a.com since it
> is so coveted and logs in
> 7 - b at b.com sends some naughty messages to a at a.com (he doesn't see her
> presence since the presence probe would result in an error ofc)
> totally exposing his identity
> 8 - b at b.com gets bobitted (worst case scenario :))
> 
> Maybe this is why I'm so afraid of unregistrations :)

Because you don't want your wife to find out about your girlfriend? That 
seems like a social issue, not a technology issue. :-)

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20051208/551eb047/attachment.bin>


More information about the Standards mailing list