[Standards] UPDATED: XEP-0186 (Invisible Command)

Maciek Niedzielski machekku at uaznia.net
Wed Jan 31 23:52:04 UTC 2007


Peter Saint-Andre wrote:
> Remko Tronçon wrote:
>>> I notice that the security considerations here violate the requirement
>>> in RFC 3920 to reply to IQs of type get or set. We need to figure that
>>> out.
>>
>> Let the server reply to IQs on behalf of the client, as it would when
>> it were offline?
> 
> Yes, I realized that in the middle of the night. :-) If the client is in 
> invisible mode, the server replies to IQ set or get on the client's 
> behalf. But I guess maybe it needs to make an exception if the client 
> sent directed presence? E.g., Jingle uses all IQs and it wouldn't work 
> if you were in invisible mode. Hmmm.

When you send directed presence, you're no longer invisible (to that 
contact), so IQs should be passed to client normally.

BTW: Server should answer to IQ if I am invisible, but it should 
probably let IQ results to reach me.

One more thing about being invisible: Should I be able to see my other 
resource which is invisible? I generally don't use invisibility, so I 
don't know how current implementations (of old presence-invisible or of 
privacy lists) handle this, but it might be good to be able to see 
invisible resources.
There are at least two reasons why I'd like to see my invisible resources:
1. If we allow server to reply IQs sent to invisible contacts, I won't 
be able to - for example - remotely turn invisibility off.
2. If my server doesn't allow me to use resource requested during 
resource binding, I may not even know where to sent the IQ.

-- 
Maciek
  xmpp:machekku at uaznia.net



More information about the Standards mailing list