[Standards] [Fwd: [Council] meeting minutes, 2007-05-16]

Ian Paterson ian.paterson at clientside.co.uk
Sat May 19 09:51:28 UTC 2007


Kevin Smith wrote:
> I think the other option (pick a resource pseudo-randomly so the other 
> contact won't be able to guess it) sounds quite a lot like security 
> through obscurity.

AFAICT, as long as the resource ID is random and long enough (e.g. 128 
bits of entropy), then it is exceptionally secure.

In fact it is far more secure than, for example, the user's password... 
because it is random and long, because it changes with every session, 
and because the only way to discover it would be to sniff the user's 
session (in which case you know the user is online anyway).

Justin Karneges wrote:
> What I'd like to see are servers that will reject inbound iq packets if the 
> other entity does not have your presence.  This would only apply if the 
> inbound iq packet is targeting a typical IM account.  Wouldn't this solve a 
> ton of privacy problems?

IMHO, this would be an unnecessary (assuming we recommend random 
resource IDs) and significant change to the RFC. [And, as Rachel pointed 
out, it would create other problems that clients would have to solve 
(with directed presence?) in order to enable communications between 
non-presence-subscribers.]

It's probably too late and not useful to require large random resource 
IDs, but 3920bis can strongly recommend them while maintaining full 
backwards compatibility.

- Ian



