[Standards-JIG] Re: MUC presence issues
ian.paterson at clientside.co.uk
Fri Oct 6 14:30:29 UTC 2006
Magnus Henoch wrote:
> How about saying that a server must bounce messages of type
> "groupchat" instead of putting them in offline storage? In that way,
> the MUC service will know almost as much as the server about dead
> It seems to me that this doesn't cause any privacy problems that were
> not already present; you could try to use this to try to find out
> whether a particular resource is online, but you can use iq:version
> for the same purpose, and the client would need to defend itself in
> the same way.
Compliant clients SHOULD be defending their users against iq:version
presence leaks (and many more). But clients could not defend their users
against the server presence leak you suggested!
More information about the Standards