Hi, On Tue, 22 Sep 2009 04:11:57 +0300, Peter Petrov <[email protected]> wrote: > > Agreed, there are valid use-cases for the subscription option as well. Both > approaches should probably be standardized, as the node config option is a > must. There are certain situations when temporary subscriptions are the > only > sane kind of subscription. More precisely, these are the situations where a > part of the JID is randomly generated and therefore transient - so we can't > expect this JID to ever appear again after going offline. One such > situation > is when using SASL ANONYMOUS.
Yep for this specific case, a pubsub subscription should be by default (I even mean obligatory!) temporary. - First you don't want a node to contain useless subscriptions (it may always have: people not using their account anymore but having kept node subscriptions for instance. You cannot do anything for this. Yet the anonymous one should be easier to avoid). - Worse, imagine someone get the same temporary JID through SASL ANONYMOUS as someone else who subscribed to a lot of nodes when he was also using SASL ANONYMOUS (SASL ANONYMOUS does not guarantee that the JID you get for the time of your connection has never been given in the past, or will never be in the future). You would not want this new connection to receive all publications from nodes he/she never subscribed to. In fact this point is true for anything which enables any kind of subscription or data saving using a temporary JID. For instance imagine you are discussing with someone using a temporary JID, then you continue to send private information later (you don't know your contact was using a temporary JID), stored as offline message. Or even you "see" the contact because you had added you to your roster, but it isn't him/her anymore (though the other one impersonates him). Anyway this is dangerous and I think that whatever is done using SASL ANONYMOUS should be undone obligatory once the connection is finished, by a way or another. I see the "4. Security Considerations" section of XEP-0175 is empty, though I guess there are many stuffs, privacy as well as security concerns, to add here. To come back to the specific issue of temporary pubsub subscription with SASL ANONYMOUS. The problem is that a pubsub server does not "know" when you are using a transient JID (as one can read on XEP-0175, a randomly generated JID has nothing particular to identify it as being transient). So should it be the responsability of the user's client to make the subscription "temporary" automatically (without user's action) when the user subscribes while anonymously connected? Should the server's user (which "knows" as it generated this JID) modify any transiting subscription query to make it temporary (but then adding a duty of processing on the server, which may not be very suitable)? Or should there be something added to the XEP-0175 to identify a temporary JID (how? I don't know), so that the pubsub server (and any other service) "knows" that your subscription or whatever else you do with this JID is temporary. This last solution would look the best to me, if I could see any way to do such a thing (but a random JID is still a normal JID). > Another is when the client connects without > specifying a resource - in this case some (all?) servers generate a random > resource server-side. When subscribing to a pubsub node, you can specify a full or a bare JID as the subscriber. Usually the obvious default from any client is to provide the bare jid, unless you change it explicitely by your full jid (but which client allows this? In Gajim or Psi for instance, I don't think you can do this, as far as I have seen). So having a random resource is not a problem here as it is not taken into account in typical subscription. Bye. Jehan -- Que la Sainte Marmotte soit avec moi! Pour me contacter: IM: [email protected] email: [email protected] http://jehan.zemarmot.net
