Jehan wrote:
> Hi again,
>
> Jehan;4925 Wrote:
>> Hi,
>> 4. Maybe even from people authorized to send this kind of attention,
>> there should be some limit? Wouldn't it be an issue if some of my
>> contacts were sending me a hundred of "attention" and if my screen would
>> keep shaking/vibrating/etc.?
>>
>
> Just to be clearer on this point. I saw it was considered in the
> "implementation notes" section (just to prevent remarks :p), but I am
> pointing it as being a security concern rather than just an
> implementation choice.
> The same way it can be a problem to get attention from unknown people
> (it could be some kind of annoying attack, maybe not really harmful, but
> still annoying); even from people you "know", or have had at least some
> contact, it can be annoying too if they overdo "attention" queries (and
> you don't always know perfectly people in your roster anyway). Hence if
> they are able to send you hundreds of attention who shock your display
> in a few lapse of time, I would consider this a security concern...

See my previous message with a revised security consideration.

> And one last point I forgot in my previous message. When it is said:
>> However, since some users might not want this feature to disturb them,
>> a client SHOULD allow the user to disable support.
>>
>
> For my own, a better advice is to have it disabled by default (then
> without advertise it at this point) and give the possibility to enable
> this support, not the opposite as proposed here. Many people may install
> an XMPP client without thinking about it and get disturbed when this
> happens the first time, especially if they don't know such feature (I
> heard some stories of people thinking their computer had an issue for
> days, until someone told them it was MSN!). This kind of feature is not
> really "major", hence should be only explicitly enabled (like an extra
> feature when you know what you are doing).

That seems reasonable. How is this text?

"Because some users might not want this feature to disturb them, a client
MUST either (1) allow the user to disable support or (2) disable the feature
by default and process attention requests only if the user has explicitly
enabled support."

/psa
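
The safeguards raised in this thread (attention support off until the user enables it, no alerts for unknown senders, and a cap even for roster contacts), as an added example that is not part of the original messages or of any XMPP client. The class name, the limit of 3 alerts per 60 seconds, the simplified JID handling and the JIDs themselves are assumptions.

```python
import time
from collections import defaultdict, deque


class AttentionGate:
    """Decides whether an incoming attention request may alert the user."""

    def __init__(self, roster, enabled=False, max_alerts=3, window=60.0,
                 clock=time.monotonic):
        self.roster = {jid.lower() for jid in roster}  # bare JIDs the user knows
        self.enabled = enabled        # off until the user explicitly opts in
        self.max_alerts = max_alerts  # assumed limit, not taken from the spec
        self.window = window          # sliding window length in seconds
        self.clock = clock
        self._alerts = defaultdict(deque)  # bare JID -> times of recent alerts

    def check(self, sender):
        """Return 'alert', or the reason the request is silently dropped."""
        if not self.enabled:
            return "disabled"
        # Simplified normalisation: strip the resource and lowercase.
        bare = sender.split("/", 1)[0].lower()
        # Checked before any state is kept, so a flood from strangers
        # cannot grow the per-sender table.
        if bare not in self.roster:
            return "unknown-sender"
        now = self.clock()
        recent = self._alerts[bare]
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        # Only delivered alerts are counted, so a contact who keeps sending
        # still causes at most max_alerts alerts per window.
        if len(recent) >= self.max_alerts:
            return "rate-limited"
        recent.append(now)
        return "alert"


def demo():
    """Replay constructed (time, sender) events through an enabled gate."""
    now = [0.0]
    gate = AttentionGate({"romeo@example.net"}, enabled=True,
                         clock=lambda: now[0])
    events = [(0, "romeo@example.net/orchard"), (1, "romeo@example.net/orchard"),
              (2, "Romeo@example.net/phone"), (3, "romeo@example.net/orchard"),
              (10, "stranger@example.org/x"), (61, "romeo@example.net/orchard")]
    results = []
    for t, sender in events:
        now[0] = float(t)
        results.append(gate.check(sender))
    return results
```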
