On Tue Apr 28 12:04:54 2009, Leonid Evdokimov wrote:
Roster v10: [[email protected]]
Roster v20: [[email protected], [email protected]]
Roster v30: [[email protected]]
Hash(Roster v10) == Hash(Roster v30)
And this is okay, since a client that says "I have Hash(Roster v10)"
has the correct roster even if it's actually "Hash(Roster v30)" that
the server has.
I think this collision contradicts the letter of the XEP:
| The server MUST ensure that each roster modification will result in
| a different version and that the version associated with a given
| roster modification will be different from version associated with any
| previous roster modification for this session
Yes...
So, `Hash(Roster)` recommendation in `Implementation Guidelines` should
be replaced with something like `Hash(Nonce || Roster)` to follow the
letter of the XEP. And I see no good reason to use `Hash` if `Nonce` is
used.
No, I think the text you quote above is wrong.
Once you allow for Hash(Roster), it's possible to basically drop the
requirement for unique "ver" for each roster modification, within a
session or otherwise.
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
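
Added example, not part of the original message: a small model of the two "ver" schemes discussed in the thread, replaying the v10 / v20 / v30 sequence. The JIDs, the canonical form (sorted, NUL-joined), SHA-256, and the `Server`/`replay` names are assumptions made for illustration and are not taken from the XEP.

```python
import hashlib
import os

def content_ver(roster):
    """ver = Hash(Roster): digest over the sorted, NUL-joined JIDs."""
    canon = "\0".join(sorted(roster)).encode("utf-8")
    return hashlib.sha256(canon).hexdigest()

def nonce_ver(roster):
    """ver = Hash(Nonce || Roster): fresh nonce per modification."""
    canon = "\0".join(sorted(roster)).encode("utf-8")
    return hashlib.sha256(os.urandom(16) + canon).hexdigest()

class Server:
    """Hypothetical server that recomputes ver on every roster change."""
    def __init__(self, ver_fn):
        self.ver_fn = ver_fn
        self.roster = set()
        self.ver = ver_fn(self.roster)

    def modify(self, add=(), remove=()):
        self.roster = (self.roster | set(add)) - set(remove)
        self.ver = self.ver_fn(self.roster)
        return self.ver

    def fetch(self, client_ver):
        """None means the client's cache is current; else (ver, full roster)."""
        if client_ver == self.ver:
            return None
        return self.ver, set(self.roster)

def replay(ver_fn):
    """Client caches the roster at v10, then the server goes v20 -> v30."""
    server = Server(ver_fn)
    v10 = server.modify(add=["a@example.org"])        # constructed JID
    cached = set(server.roster)                       # client-side cache
    server.modify(add=["b@example.org"])              # v20
    v30 = server.modify(remove=["b@example.org"])     # v30, same content as v10
    reply = server.fetch(v10)
    # (versions collide, server sends nothing, client cache is correct)
    return v10 == v30, reply is None, cached == server.roster

if __name__ == "__main__":
    print("Hash(Roster):         ", replay(content_ver))
    print("Hash(Nonce || Roster):", replay(nonce_ver))
```

With `content_ver` the repeated version value lets the server skip the download while the client's cache is still correct; with `nonce_ver` every modification gets a distinct version, and the same correct cache is re-sent in full.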