[Standards] [Fwd: [Council] meeting minutes, 2007-05-16]

Ian Paterson ian.paterson at clientside.co.uk
Sat May 19 08:14:15 UTC 2007


Peter Saint-Andre wrote:
> Better, I think, to randomize the resource identifiers. That makes the 
> attack a lot harder, and it is something that's under the user's 
> control (just use a client that randomizes the resource identifiers).

Yes, you're right. 3920bis should strongly recommend random resource 
identifiers.

We agree we typically can't protect presence by encouraging clients to 
imitate servers (because we don't want to require canonicalization). So 
I think we should avoid giving clients that do not use random resources 
a false sense of security, i.e., we should remove all statements similar 
to the one below from all RFCs and XEPs:

> How is this for text in the Security Considerations?
>
> ******
>
[snip]
> If a connected resource receives a ping request but it does not want 
> to reveal its network availability to the sender for any reason (e.g., 
> because the sender is not authorized to know the connected resource's 
> availability), then it too MUST reply with a <service-unavailable/> 
> error. This consistency between the server response and the client 
> response helps to prevent presence leaks.
>
> ******

- Ian
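
Added example (not part of the original message or of any RFC or XEP): a Python check of the two points discussed above, using constructed stanzas and the hypothetical helper names `compare_replies` and `random_resource`. It shows that a client reply carrying the same <service-unavailable/> error can still differ byte-for-byte from the server's reply unless both are canonicalized, and how a client can generate a random resource identifier.

```python
import secrets
import xml.etree.ElementTree as ET

# Constructed sample stanzas (not captured traffic): replies to the same ping.
SERVER_REPLY = (
    "<iq from='juliet@example.com/balcony' to='romeo@example.net' id='p1' type='error'>"
    "<ping xmlns='urn:xmpp:ping'/><error type='cancel'>"
    "<service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>"
)
# Same meaning, but a different serializer: attribute order, quoting, empty-element form.
CLIENT_REPLY = (
    '<iq type="error" id="p1" to="romeo@example.net" from="juliet@example.com/balcony">'
    '<ping xmlns="urn:xmpp:ping"></ping><error type="cancel">'
    '<service-unavailable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas">'
    '</service-unavailable></error></iq>'
)
# A reply that differs in meaning, not just in serialization.
OTHER_REPLY = CLIENT_REPLY.replace("service-unavailable", "feature-not-implemented")


def compare_replies(server_reply: str, client_reply: str) -> str:
    """Classify how a client's error reply differs from the server's reference reply."""
    if server_reply == client_reply:
        return "identical"            # indistinguishable on the wire
    if ET.canonicalize(server_reply) == ET.canonicalize(client_reply):
        return "serialization-only"   # same meaning, but the bytes reveal who answered
    return "semantic"                 # different error condition or structure


def random_resource(nbytes: int = 16) -> str:
    """Unguessable resource identifier, so the full JID cannot be predicted."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    print(compare_replies(SERVER_REPLY, SERVER_REPLY))
    print(compare_replies(SERVER_REPLY, CLIENT_REPLY))
    print(compare_replies(SERVER_REPLY, OTHER_REPLY))
    print("juliet@example.com/" + random_resource())
```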



