04.02.2011 02:02, Ben Schumacher wrote:
On 1/30/11 8:26 PM, Evgeniy Khramtsov wrote:
What I really don't like in this XEP is that it contradicts the idea
of "keep clients simple". I think we can do the same using
server-side redirects (we have such error type already defined in the
core RFC). In that case a client just need to set a redirect and
his/her contacts should process presence redirects correctly. Also,
redirects can be used for temporary migration and not only for
account removal.
Attempting to "keep clients simple" shouldn't come before all other
considerations. In this case I believe that using a redirect so
greatly complicates the security model (not to mention the server
implementation) that it's necessary to have some work on both sides.
There is a widely held belief among protocol snobs that the email
system's flexibility in this regard leads to a lot of the exploits
that have made it so ripe for abuse.
Being able to balance the work between the server and the client for
XEP-283 means a user still has the ability to maintain their
subscriptions while changing their username but is flexible and
scalable enough to work in a globally federated environment and still
gives the individual the opportunity to review any action before it is
taken.
Blah-blah-blah. Could you please be more specific? Especially for "using
a redirect so greatly complicates the security model".
--
Regards,
Evgeniy Khramtsov, ProcessOne.
xmpp:[email protected].
