[Standards-JIG] proto-JEP: Smart Presence Distribution

Tijl Houtbeckers thoutbeckers at splendo.com
Thu May 18 03:00:49 UTC 2006


On Thu, 18 May 2006 02:54:03 +0200, Pedro Melo <melo at co.sapo.pt> wrote:

>> In the current situation, if you have two servers who adhere to  
>> protocol, it's always me who decides who sees my presence. Purely by  
>> the addition of what's suggested in this JEP that is simply no longer  
>> the case.
>
> No.

YES.
What you assume is a perfect data set to work with. A perfect history of  
events. The situation I'm describing assumes that *every time*,  
*regardless of existing conditions and previous events*, in the current  
system, *I* control who gets my presence, as long as -and this is only  
required for THAT moment in time- protocol is followed.

With this proposal THAT IS SIMPLY NO LONGER TRUE.

If you are trying to suggest that single condition is equal to your  
condition that ever since I added my first contact on that server every  
single step of the protocol was followed and there was no external  
corruption of any data, and again I add, NO WAY TO VERIFY THIS at any  
time, then that is simply a completely unfair comparison.

The first is a reasonable requirement I am willing to expect from my  
contacts. Even if there would be, for example, a hack, the effects would  
only be temporary. Even by modifying any of the persistent user data and  
that going undetected, they could still not detect my presence afterwards.

The second is a completely unreasonable, and in practice, bizarre expectation  
to make. Certainly from a security standpoint it is worthless.

> I think that you would agree that if a server follows the current XMPP  
> spec in full, a normal user cannot add your JID to his roster, correct?

Mattias brought up an interesting point here. I tried it on an ejabberd  
server and indeed I could set a roster item with subscription "both" (and  
get back a result with "both"), this was gone when I re-requested the  
roster though (back to "none"). I wonder what other servers would do... it  
is however not the main point.

But it is a good demonstration of my other points.. while such bugs can be  
fixed (if they exist), it is no longer my *own* server and actions  
responsible for securing my presence, but the other server. And the result  
becomes undetectable (esp. if you don't log it) on the remote server,  
while on my own it'll just show up on the roster.

Instead of having one server (my own) taking on the biggest burden (making  
sure user of the integrity of the presence data for example) and leaving  
the easiest of things (routing a packet) to the other servers, the roles are  
reversed in the proposal. Some of those roles, other servers just can't  
do. They can't work with me to make sure they know who should get my  
presence, cause I don't talk with them about that.. I can't lock them down  
as much as I want, etc. XMPP was simply not designed like that.

> this is what I don't agree. This protocol does not give you a way for a  
> third-party to add your JID to his roster.

I never said that. I never said this protocol will h4x0r your server or  
anything. I said it creates a big gaping security hole for your presence  
data. And it does.





