[Standards] publish+configure again
mridul at sun.com
Fri Mar 30 18:21:10 UTC 2007
userA at domain/res1 published item1 on node1 and configured as private
userA at domain/res2 published item2 on node1 and configured as public
(does not care, but using pub_conf anyway since that is the 'common code').
item1 & item2 are visible - I think we are going to have leaks more
often with pub+con and not without it : more unintelligent overwriting
of config's is going to happen.
Pedro Melo wrote:
> On Mar 30, 2007, at 12:06 PM, Maciek Niedzielski wrote:
>> People who want publish+configure say that this protects from publishing
>> private information to too big audience. But it doesn't really help! As
> Of course it does. with p+c I have the assurance that the item being
> published will be broadcasted with the settings that I'm sending in the
> same payload.
> What happens after that I don't really care, because the next time I
> need to publish, the configuration will be sent again.
> If PEP implementors feel that this "reconfiguring" is to much work or
> heavy on the server side, then what about if we just say that
> configurations sent with p+c are transient and only apply to that item ?
> would it make it better?
>> Ralph said some time ago, configuration is done per node, not per item.
> Yes, and p+c changes that.
>> So it's pretty naive to think that that publish+configure can make the
>> item 100% safe. You can switch node to whitelist mode and publish your
>> secret item, but a moment later node can be switched to
> Doesn't matter: I'm concerned is that my item gets broadcasted to the
> proper people, not that the node stays properly configured, given that I
> never trust the node configuration.
>> open/presence/etc and your secret information will leak. Why would
>> another client change this? Because - for example - it may want to
>> ensure on start up that node's configuration is the same as last time.
> this is not about start up configuration. it's about clients not
> trusting the current configuration at the moment of publishing.
>> " BTW: We could use PEP for this ;) "
> Love the sig :)
> Best regards,
> --Pedro Melo
> Blog: http://www.simplicidade.org/notes/
> Jabber ID: melo at simplicidade.org
> Use Jabber!
More information about the Standards