Alexey Melnikov wrote:
> Peter Saint-Andre wrote:
>
>> This Last Call has ended, with no feedback received.
>
> The document seems to be in reasonable shape, in particular it talks
> about cases when this extension should and should not be used.
> One comment about the Security Considerations section:
>
>> It is RECOMMENDED that only message stanzas containing attention
>> extensions from peers on the user's roster are accepted. Finer grained
>> control might be implemented.
>
> IMHO, this is not a proper security consideration, as it doesn't explain
> the reason behind using "RECOMMENDED".

How is this text?

"It is RECOMMENDED that a client accept message stanzas containing the attention extension only from contacts that are in the user's roster or with whom the user's client is currently sharing directed presence, mainly to prevent the user from being annoyed by attention requests from random entities on the network. A client could implement finer-grained control if desired (e.g., allow attention requests only from entities in a particular roster group)."

Peter

--
Peter Saint-Andre
https://stpeter.im/
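
One way a client could apply the acceptance rule in the proposed text above, as an added example that is not part of the original thread or of any XMPP client's code. The namespace `urn:xmpp:attention:0` is the one XEP-0224 defines; the function names, the roster and directed-presence structures, the sample JIDs, the simplified JID normalization, and the choice that a group restriction excludes directed-presence peers are all assumptions.

```python
import xml.etree.ElementTree as ET

ATTENTION_TAG = "{urn:xmpp:attention:0}attention"  # XEP-0224 namespace


def bare_jid(jid):
    # Simplified normalization (assumption): drop the resource and lowercase.
    # A real client would apply the full XMPP address preparation rules.
    return jid.split("/", 1)[0].lower()


def should_alert(stanza_xml, roster, directed_presence, allowed_groups=None):
    """Decide whether an incoming stanza may raise an attention alert.

    roster            -- dict: bare JID -> set of roster group names
    directed_presence -- set of bare JIDs currently sent directed presence
    allowed_groups    -- optional set of group names (finer-grained control)
    """
    try:
        msg = ET.fromstring(stanza_xml)
    except ET.ParseError:
        return False  # malformed input never triggers an alert
    if msg.tag not in ("message", "{jabber:client}message"):
        return False
    if msg.find(ATTENTION_TAG) is None:
        return False  # ordinary message, not an attention request
    sender = msg.get("from")
    if not sender:
        return False  # no sender to check against the roster
    sender = bare_jid(sender)
    if allowed_groups is not None:
        # Finer-grained policy: only roster contacts in a permitted group.
        return bool(roster.get(sender, set()) & allowed_groups)
    # Baseline policy from the proposed text: roster or directed presence.
    return sender in roster or sender in directed_presence


def attention_msg(sender):
    # Constructed sample stanza for illustration only.
    return ("<message from='%s' to='user@example.org' type='headline'>"
            "<attention xmlns='urn:xmpp:attention:0'/></message>" % sender)


# Constructed sample data.
ROSTER = {"alice@example.org": {"Colleagues"}, "bob@example.org": {"Friends"}}
DIRECTED = {"guest@example.net"}

if __name__ == "__main__":
    for jid in ("Alice@example.org/desk", "guest@example.net/web",
                "stranger@example.com/x"):
        print(jid, should_alert(attention_msg(jid), ROSTER, DIRECTED))
```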
