[Standards-JIG] rfc3921bis, <iq><service-unavailable/>

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Sun Oct 22 23:31:49 UTC 2006

On Sunday 22 October 2006 6:43 am, Ian Paterson wrote:
> Section 8.1 of RFC3921bis (Inbound Stanzas) simply states that the
> server must "return a <service-unavailable/> stanza error". IMHO, to
> avoid presence leaks the document needs to specify the exact character
> string that the server MUST return. Otherwise it will be difficult for a
> client to pretend to an observant non-subscriber that it is offline (or
> that its user's account may not even exist).

It seems like you could do a timing attack even, by comparing the roundtrip 
for a subscriber vs non-subscriber.

Rather than having to craft the same message as your server would send, or 
having the server reformat one you send, why not have the server respond for 


More information about the Standards mailing list