On 30/04/2008, at 7:39 AM, Peter Saint-Andre wrote:

David Banes wrote:
Just a note that maybe;

5. Security Considerations

should mention privacy and identity theft, this would be one more piece
of personal information available on the net for bots to grab when
scanning social networking sites.

That wouldn't help a spammer if the URL points to a pubsub node. But I
suppose it might be a problem for MUC rooms and user accounts.

Maybe there should be a recommendation to encode the address?

Like the MD5 hashes that FOAF uses for email addresses?

I'm not familiar with FOAF yet, but if they are creating an MD5 of an address that points to a real mailto: URI to send email, then yes, that sounds like a sensible approach.


Personally I think it's the responsibility of those who run the XMPP
network to protect against abusive traffic natively, because people's
JIDs will leak out no matter what we do.

I see your point, but coming from a security background I always think it's much better to design in as much security as you can that's either mandatory or recommended.

We've moved away from displaying email addresses online to using contact forms; maybe it's an idea to obfuscate IM URIs now rather than later.




David Banes
web: http://davidbanes.com/
rss: http://www.davidbanes.com/feed/
email:  [EMAIL PROTECTED]
xmpp: [EMAIL PROTECTED]
skype: dmbanes
iChat: [EMAIL PROTECTED]
Director & Secretary, Internet Industry Association
