[Standards-JIG] proto-JEP: Smart Presence Distribution

Tijl Houtbeckers thoutbeckers at splendo.com
Wed May 17 13:28:44 UTC 2006


On Tue, 16 May 2006 17:17:33 +0200, JEP Editor <editor at jabber.org> wrote:

> The JEP Editor has received a proposal for a new JEP.
>
> Title: Smart Presence Distribution
>
> Abstract: This document documents the current distribution model for  
> presence and introduces a smart presence distribution strategy to cut  
> down on S2S traffic and load.
>
> URL: http://www.jabber.org/jeps/inbox/smartpresence.html
>
> The Jabber Council will decide within 7 days (or at its next meeting)  
> whether to accept this proposal as an official JEP.
>

If the remote server ever goes out of synch with your own server's  
presence subcription, you'll have a big (undetectable) problem this way.  
This also demonstrates the problem that it's no longer your own server but  
someone else's who is keeping your presence subscriptions. Eg let's say  
you're on server X, and have a contact on server Y. If I have access for 5  
minutes server Y's database I could create a false subscription (on server  
Y) to your presence. Previously this wouldn't do me any good, but now I  
can detect your presence without you knowing it, and without any more  
"proof" than a database entry (no need to run a background program on the  
hacked server or anything like that).

In the least is should be included in the security considerations.





More information about the Standards mailing list