[Standards] [Fwd: [Council] meeting minutes, 2007-05-16]

Ian Paterson ian.paterson at clientside.co.uk
Wed May 30 13:47:38 UTC 2007


Kevin Smith wrote:
> I don't think it would be too onerous to add a protocol which drops iq 
> to full jids for contacts with subscription 'none', and I think this 
> would address all camps' issues.

This doesn't help.

Non-subscribers can discover resource IDs through message exchanges 
(e.g. XEP-0155 Stanza Session Negotiation or XEP-0116 Encrypted Session 
Negotiation), and then perfectly legitimately send iqs to full JIDs 
(e.g. Jingle).

And before anyone says it... many (most?) people don't want to give 
presence subscriptions to everyone they are prepared to accept a voice 
chat with (I certainly don't).

> Gtalk's method works well here, they get the random resources that 
> make server farming easier, and I still get immediately identifiable 
> resources, while ensuring that presence isn't leaked by different 
> replies to iq from server and client, etc.

Yes, any resource will protect against presence leaks as long as it also 
contains sufficient randomness.

- Ian



