Apologies for not replying in the thread, I joined the list after it was posted so I'm not sure how to join the thread :)
For some background: I'm part of a team working on a (currently) proprietary XMPP server and client. I have been working on the server side and was responsible for the invisibility implementation. 1. Is this specification needed to fill gaps in the XMPP protocol stack or to clarify an existing protocol? Our service has a requirement to implement invisibility, and the other invisibility specifications are woefully ill-defined compared to this one, so I think it certainly fills a gap. 2. Does the specification solve the problem stated in the introduction and requirements? It appears to, though our experience using it is still limited at this point. 3. Do you plan to implement this specification in your code? If not, why not? We have already implemented it in our server and client. 4. Do you have any security concerns related to this specification? Inadvertently leaking presence is always a concern, but I don't believe there's any easy solution to that. 5. Is the specification accurate and clearly written? Yes, it specifies the rules in enough detail to make implementation relatively straight-forward. There are of course lots of edge cases to handle in other parts of the server code to avoid leaking presence but of course it's not possible for the spec to exhaustively cover those. -K
