[Standards] [Fwd: [Council] meeting minutes, 2007-05-16]

Kevin Smith kevin at kismith.co.uk
Sat May 19 09:20:23 UTC 2007

On 19 May 2007, at 04:34, Rachel Blackman wrote:
> Consider a <message/> from someone not on your list (it happens,  
> after all).  This <message/> stanza contains caps bits (which can,  
> after all, be put in a message to someone not on your contact  
> list).  You don't have one particular caps#ext node cached, so you  
> send a disco query to them...
> ...and it gets rejected.  You are sad, for now you do not know that  
> the two of you can voice chat.  Woe. :'(

This is one of the examples of why it's good to send directed  
presence when you start a session with someone.

Generally, I agree with Justin about this; bouncing iqs from  
untrusted sources would solve a bunch of problems with presence  
leaks. I think the other option (pick a resource pseudo-randomly so  
the other contact won't be able to guess it) sounds quite a lot like  
security through obscurity.


Kevin Smith
Psi XMPP client project leader - http://psi-im.org

More information about the Standards mailing list