[Standards] UPDATED: XEP-0186 (Invisible Command)

Mridul mridul at sun.com
Thu Feb 1 01:48:42 UTC 2007


Peter Saint-Andre wrote:
> Remko Tronçon wrote:
>>> I notice that the security considerations here violate the requirement
>>> in RFC 3920 to reply to IQs of type get or set. We need to figure that
>>> out.
>>
>> Let the server reply to IQs on behalf of the client, as it would when
>> it were offline?
>
> Yes, I realized that in the middle of the night. :-) If the client is 
> in invisible mode, the server replies to IQ set or get on the client's 
> behalf. But I guess maybe it needs to make an exception if the client 
> sent directed presence? E.g., Jingle uses all IQs and it wouldn't work 
> if you were in invisible mode. Hmmm.
>
> Peter
>

Hi,
  Since invisibility is not same as blocking - entity should be 
reachable by directed message/presence/iq.
If client does not want to handle the iq, it could possibly respond with 
a service-unavailable like how the server would in case the client was 
not connected ...
Without blocking invisibility is not easy to achieve: to discover 
presence, sender just needs to send a message with amp extensions 
present which will cause the server to exhibit different behavior if 
user is online/offline.

Regards,
Mridul



More information about the Standards mailing list