[Standards-JIG] Re: MUC presence issues

Ian Paterson ian.paterson at clientside.co.uk
Fri Oct 6 14:30:29 UTC 2006


Magnus Henoch wrote:
> How about saying that a server must bounce messages of type
> "groupchat" instead of putting them in offline storage?  In that way,
> the MUC service will know almost as much as the server about dead
> clients.
>
> It seems to me that this doesn't cause any privacy problems that were
> not already present; you could try to use this to try to find out
> whether a particular resource is online, but you can use iq:version
> for the same purpose, and the client would need to defend itself in
> the same way.
>   

Compliant clients SHOULD be defending their users against iq:version 
presence leaks (and many more). But clients could not defend their users 
against the server presence leak you suggested!

- Ian




More information about the Standards mailing list