On Aug 26, 2014, at 7:55 AM, Simon McVittie <[email protected]> wrote:
> On 26/08/14 15:10, Kevin Smith wrote: >> 30 says not to reply with disco to entities not authorised for your presence. > > Should the server follow this pseudocode for a disco instead? > > if target JID is bare: > # any IQ to user@host is expected to be replied to by the server > reply to it on the user's behalf, describing features of the > server and the account (but nothing about the logged-in > resources on that account, if any) JID existence leak. > > else if peer is authorized to see user's presence: > # any IQ to user@host/resource is expected to be replied to > # by that resource > forward message to the named resource so it can respond > > else: > <service-unavailable/> > > Regards, > S >
