[Standards-JIG] proto-JEP: Smart Presence Distribution
thoutbeckers at splendo.com
Thu May 18 03:00:49 UTC 2006
On Thu, 18 May 2006 02:54:03 +0200, Pedro Melo <melo at co.sapo.pt> wrote:
>> In the current situation, if you have two servers who adhere to
>> protocol, it's always me who decides who sees my presence. Purely by
>> the addition of what's suggested in this JEP that is simply no longer
>> the case.
What you assume is a perfect data set to work with. A perfect history of
events. The situation I'm describing assumes is that *every time*,
*regardless of existing conditions and previous events*, in the current
system, *I* control who gets my presence, as long as -and this is only
required for THAT moment in time- protocol is followed.
With this proposal THAT IS SIMPLY NO LONGER TRUE.
If you are trying to suggest that single condition is equal to your
condition that ever since I added my first contact on that server every
single step of the protocol was followed and there was no external
corruption of any data, and again I add, NO WAY TO VERIFY THIS at any
time, than that is simply a completly unfair comparison.
The first is a reasonable requirment I am willing to to expect from my
contacts. Even if there would be, for example, a hack, the effects would
only be temporary. Even by modifying any of the persistant user data and
that going undetected, they could still not detect my presence afterwards.
The second is completly unreasonable, and in practise, bizarre expectation
to make. Certainly from a security standpoint it is worthless.
> I think that you would agree that if a server follows the current XMPP
> spec in full, a normal user cannot add your JID to his roster, correct?
Mattias brought up an intresting point here. I tried it on an ejabberd
server and indeed I could set a roster item with subscription "both" (and
get back a result with "both"), this was gone when I re-requested the
roster though (back to "none"). I wonder what other servers would do... it
is however not the main point.
But it is a good demonstration of my other points.. while such bugs can be
fixed (if they exist), it is no longer my *own* server and actions
responsible for securing my presence, but the other server. And the result
becomes undetectable (escp if you don't log it) on the remote server,
while on my own it'll just show up on the roster.
Instead of having one server (my own) taking on the biggest burden (making
sure user of the integrety of the presence data for example) and leaving
the easiest of things (routing a packet) the other servers, the roles are
reversed in the proposal. Some of those roles, other servers just can't
do. They can't work with me to make sure they know who should get my
presence, cause I don't talk with them about that.. I can't lock them down
as much as I want, etc. XMPP was simply not designed like that.
> this is what I don't agree. This protocol does not give you a way for a
> third-party to add your JID to his roster.
I never said that. I never said this protocol will h4x0r your server or
anything. I said it creates a big gaping security hole for your presence
data. And it does.
More information about the Standards