[Standards] pubsub whitelists

Fabio Forno fabio.forno at polito.it
Wed Aug 22 17:06:52 UTC 2007

Peter Saint-Andre wrote:
> Peter Millard originally thought of a pubsub whitelist as the list of
> entities that are subscribed to a node. However, as Joe Hildebrand and
> Matt Yacobucci just pointed out to me, that introduces a security hole
> quite similar to <presence type='subscribed'/> -- that is, the node
> owner can now add you to the subscriber list without your permission
> (introducing all sorts of wonderful spam possibilities). Joe and Matt
> pointed out that the whitelist is more properly a list of entities that
> are allowed to subscribe (or retrieve items) if they want to, not as the
> list of subscribers. This could be managed via node configuration (e.g.,
> a "pubsub#whitelist" node configuration option of type jid-multi). It
> seems important to fix this before we publish version 1.10 of XEP-0060
> so I will work on that here soon.

Not sure about the real danger of this issue. If entity A wants to spam 
entity B, entity A can directly a message to B, so why pass through 
pubsub? The only reason I can image is that B has already blocked A and 
A is finding a new way to reach B, but if A is abusing of the the pubsub 
service it can be easily banned.

Instead eliminating this option implies that it becomes impossible to 
centrally manage the list of subscribers forcing clients to do this (in 
the near future I see many clients able of handling the pubsub <event/> 
  but not all the browse/subscribe stuff).


More information about the Standards mailing list