[Standards] publish+configure again

Pedro Melo melo at simplicidade.org
Fri Mar 30 11:28:41 UTC 2007


On Mar 30, 2007, at 12:06 PM, Maciek Niedzielski wrote:

> People who want publish+configure say that this protects from  
> publishing
> private information to too big audience. But it doesn't really  
> help! As

Of course it does. with p+c I have the assurance that the item being  
published will be broadcasted with the settings that I'm sending in  
the same payload.

What happens after that I don't really care, because the next time I  
need to publish, the configuration will be sent again.

If PEP implementors feel that this "reconfiguring" is to much work or  
heavy on the server side, then what about if we just say that  
configurations sent with p+c are transient and only apply to that  
item ? would it make it better?

> Ralph said some time ago, configuration is done per node, not per  
> item.

Yes, and p+c changes that.

> So it's pretty naive to think that that publish+configure can make the
> item 100% safe. You can switch node to whitelist mode and publish your
> secret item, but a moment later node can be switched to

Doesn't matter: I'm concerned is that my item gets broadcasted to the  
proper people, not that the node stays properly configured, given  
that I never trust the node configuration.

> open/presence/etc and your secret information will leak. Why would
> another client change this? Because - for example - it may want to
> ensure on start up that node's configuration is the same as last time.

this is not about start up configuration. it's about clients not  
trusting the current configuration at the moment of publishing.

>                                " BTW: We could use PEP for this ;) "

Love the sig :)

Best regards,
Pedro Melo
Blog: http://www.simplicidade.org/notes/
Jabber ID: melo at simplicidade.org
Use Jabber!

More information about the Standards mailing list