[Standards] [Fwd: [Council] meeting minutes, 2007-05-16]
ian.paterson at clientside.co.uk
Wed May 30 13:47:38 UTC 2007
Kevin Smith wrote:
> I don't think it would be too onerous to add a protocol which drops iq
> to full jids for contacts with subscription 'none', and I think this
> would address all camps' issues.

This doesn't help.

Non-subscribers can discover resource IDs through message exchanges
(e.g. XEP-0155 Stanza Session Negotiation or XEP-0116 Encrypted Session
Negotiation), and then perfectly legitimately send iqs to full JIDs.

And before anyone says it... many (most?) people don't want to give
presence subscriptions to everyone they are prepared to accept a voice
chat with (I certainly don't).

> Gtalk's method works well here, they get the random resources that
> make server farming easier, and I still get immediately identifiable
> resources, while ensuring that presence isn't leaked by different
> replies to iq from server and client, etc.

Yes, any resource will protect against presence leaks as long as it also
contains sufficient randomness.