[Standards] LAST CALL: XEP-0224 (Attention)

Peter Saint-Andre stpeter at stpeter.im
Wed Nov 12 21:27:30 UTC 2008

Alexey Melnikov wrote:
> Peter Saint-Andre wrote:
>> This Last Call has ended, with no feedback received.
> The document seems to be in reasonable shape, in particular it talks
> about cases when this extension should and should not be used.
> One comment about the Security Considerations section:
>> It is RECOMMENDED that only message stanzas containing attention
>> extensions from peers on the user's roster are accepted. Finer grained
>> control might be implemented.
> IMHO, this is not a proper security consideration, as it doesn't explain
> the reason behind using "RECOMMENDED".

How is this text?

"It is RECOMMENDED that a client accept message stanzas containing the
attention extension only contacts that are in the user's roster or with
whome the user's client is currently sharing directed presence, mainly
to prevent the user from being annoyed by attention requests from random
entities on the network. A client could implement finer-grained control
if desired (e.g., allow attention requests only from entities in a
particular roster group)."


Peter Saint-Andre

More information about the Standards mailing list