[Standards] PubSub Security considerations

Brian Cully bcully at gmail.com
Thu Jun 11 23:20:46 UTC 2009

On Jun 11, 2009, at 11:31, Nicolas Vérité <nicolas.verite at process-one.n 
et> wrote:

> Dear all,
> In the "Security considerations" section of the PubSub spec, shouldn't
> we warn of the possible presence leaks, since subscribers (possibly
> not in the user's roster) are instantly notified of a user's
> publication?

Agreed. This is a subtle condition and should probably be called out.

More information about the Standards mailing list