[Standards] RFC vs privacy lists

Yann Leboulanger asterix at lagaule.org
Wed Apr 27 19:19:36 UTC 2011


On 04/27/2011 09:04 PM, Kim Alvefur wrote:
>
>> Let's say I configure a list to block all IQ for jid with
>> subscription=none (nice anti-spam rule).
>> Now I don't get any iq answer to, let's say, disco#info on my server.
>> That's normal because RFC [1] says that "Privacy lists MUST be the first
>> delivery rule applied by a server, superseding ..."
>>
>> But RFC also says that every IQ MUST have an answer...
>
> It would make more sense to only block/apply lists to<iq type=get|set />  or at least have different rules for get|set and result|error
>

If a user setup this rule it's because he doesn't want spam. And if 
server don't block result|error, user can be spammed of iq result for ex

A solution could be to have a sort of firewall in the server: if I send 
an iq get|set with id=XXX, server will allow the result with the same 
ID, but I don't know if it's really doable for servers ...

-- 
Yann



More information about the Standards mailing list