On 9/22/05, Tijl Houtbeckers <[EMAIL PROTECTED]> wrote: > On Thu, 22 Sep 2005 22:53:20 +0200, JD Conley <[EMAIL PROTECTED]> > wrote: > > >> > >> This is bad engineering i.t.o. creating undesirable impact on the > > broader > >> Internet. > > > > What is the undesirable impact? . > > It is, at least, a minor security risk.
I disagree that this is a minor security hole. The fact that my JM server can potentially contact two completely different servers for the same JID is a very bad thing. Jabber ID's are designed to be unique, and they should be. This uniqueness is provided by using domain names to help partition off the namespace. What you are essentially doing is flattening this namespace by changing your implementation. ie, when my server contacts [EMAIL PROTECTED], it should NEVER, EVER, try to send that message to [EMAIL PROTECTED] instead. This seems very bad to me. pgm.
