[Standards-JIG] proto-JEP: Smart Presence Distribution

Philipp Hancke fippo at goodadvice.pages.de
Thu May 18 06:29:13 UTC 2006

Richard Dobson wrote:
> Where did we assume the server was evil?, 

Assuming the server is not evil is not interesting.

> and why does it matter if the 
> server knows that you dont want a particular user to receive something 
> you are wanting it to multicast?, 

You're actively exposing your privacy list to the remote server.
If I had been proposing that...

> if you dont trust the server then you 
> would block the whole server by adding it to your privacy list.

Yes. Communicating with a someone from remote domain expresses a high
level of trust.

>> On the other hand, the evil capulets can already guess that Romeo
>> has blocked Gregory if they see successive presence stanzas to
>> Juliet, Nurse, Peter, Sampson, Anthony and Potpan but not Gregory.
> Your point being??

That you are disclosing the privacy list to the remote server each time
you are doing a presence broadcast.
The assumption that your privacy list is something secret is not valid.


More information about the Standards mailing list