Tomasz Sterna wrote: > On Śr, 2007-12-19 at 17:35 -0700, Peter Saint-Andre wrote: >>> You may flood online user with presence-subscriptions, making her go >>> offline to protect from the flood. >> Yes, you may. But I think that's a slightly different problem, which >> should be solved using Privacy Lists > > Why should that involve client reaction? > > Isn't "simple clients, complex servers" actual anymore?
Well, let me qualify what I said. Blocking abusive users can be done via privacy lists. Naturally, it can also be done by a smart server. But a smart server can do all sorts of things that we don't necessarily recommend in the RFCs -- it can block abusive subscription requests, abusive messages, abusive IQs, presence changes that are too frequent, frequent messages to separate recipients, and many other smart behaviors. Maybe this is something we can recommend in XEP-0205 (Best Practices to Discourage Denial of Service Attacks) but I don't think it belongs in the RFC. Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
