Alexey Nezhdanov wrote:
On Wednesday 09 July 2008 20:33:32 Peter Saint-Andre wrote:Justin Karneges wrote:On Wednesday 09 July 2008 07:55:58 Kevin Smith wrote:On Wed, Jul 9, 2008 at 3:46 PM, Peter Saint-Andre <[EMAIL PROTECTED]>wrote:you also test presence leaks using guessed well-known resources like client names (Psi, Gajim, Miranda, QIP, Adium etc.) or places (Home, Work, School etc.)? I think it could push client authors to use random-generated resource names.I don't understand why this would be something we'd want to push for.Because some people are paranoid?Paranoid people can use as random a resource as they want to - it doesn't mean the rest of us need to :)And a random resource isn't necessary anyway, just good privacy control on the server. (/me still wants a server that will bounce all iqs from people who don't have his presence.)Including directed presence?Why does it matter? Either someone got my presence or he didn't. So he either can query my client for something or he can't.If I am not mistaken - server remembers all presences that it sent to peers so when client disconnects - server automatically send offline presences everywhere it needs to. That of cource includes directed presences.
My point is that the server can't just check the suubscription state in the roster. Also it introduces a good argument for my proposed best practice of sharing presence for ad-hoc chats/interactions:
http://www.xmpp.org/internet-drafts/draft-saintandre-rfc3921bis-05.html#message-chat /psa
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ JDev mailing list FAQ: http://www.jabber.org/discussion-lists/jdev-faq Forum: http://www.jabberforum.org/forumdisplay.php?f=20 Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [EMAIL PROTECTED] _______________________________________________
