[Standards] XEP-0045: direct invitations

Rachel Blackman rcb at ceruleanstudios.com
Fri Jul 20 08:15:07 UTC 2007


>> I understand why Google Talk has this policy, so I'm not going to  
>> argue
>> them out of it. But it does introduce complications.
>>
>
> *Maybe* we need to consider addressing the valid reasons that  
> Google Talk feels it needs this policy, rather than handling the  
> symptoms of the policy? Can we solve the real problem? i.e. can we  
> create enough anti-spim protocols and/or infrastructure to make  
> Google (and everyone else) confident enough to relax this policy?

How many servers and clients implement privacy lists, or blocklists?   
I would guess that's perhaps the reason Google Talk feels they need  
this policy, given that they welcome people using other XMPP clients  
on their service.

Google Talk is particularly vulnerable as it's a very large target --  
arguably one of the most-prominent XMPP servers on the net, if not / 
the/ most -- and because a person's Gmail address (readily  
harvestable from many places where people post using those) stands a  
good chance of being an active Google Talk JID.

Thus, it's potentially a large SPIM target.  Many targets, plus the  
ready accessibility of harvestable information to put together a list  
of probable targets, is like painting a bulls-eye.

By restricting messages to those already on the list, you make it  
Just Work, rather than having to rely on client implementations of  
blocking.

That would be my guess, anyway.  (Sean?  Anyone?)

-- 
Rachel Blackman <rcb at ceruleanstudios.com>
Trillian Messenger - http://www.trillianastra.com/





More information about the Standards mailing list