[JDEV] General Jabber Questions

Max Horn max at quendi.de
Mon Jul 31 07:19:27 CDT 2000 

At 21:57 Uhr +1000 31.07.2000, Michael Brown wrote:
>Schuyler, thanks for the excellent reply.
>
>I don't quite follow the answer re the "Who is watching me" question though:
>
>I understand that I can check each member of my roster to see if they are
>subscribed to my presence, but what about people who are not on my roster.
>If I have my account set to authorise everyone automatically, then after a
>while  I won't have everyone who has added me to their contact list also
>added to mine, therefore checking my "roster" would only return a subset of
>people who are currently subscribed to my presence information.  I would
>like a query that returned everyone.  Am I missing something?

Yes. Whenever someone subscribes to your presence, he will be put 
*automatically* onto your roster
Whenever you remove someone from you roster, he will be unsubscribed 
*automaticlly*

In fact, due to the way the sytem works, it is *impossible* for 
someone to be subscribed to your presence not to be on your roster. 
Being subscribed always means being on the roster. No exception. This 
is on purpose.


>Also I suspect that the encryption standard is moving too slowly.  There are
>many clients currently being written, and as yet i am still to find on that
>supports encryption.  Unless each client supports the same encryption
>standard from day one, then it is going to end up as a an optional feature,
>and hardly anyone will use it (like email) and once again each message will
>be there in plain text for anyone with a packet sniffer to read.

I agree that a commons system is needed. We work on a standard for 
this, and will hopefully release more information on it soon.

However, this is not as easy as "just adding encryption" to it. There 
are many pitfalls and trouble spots. It is possible, though.


>It is bad
>news just because of the insecure systems that the transports connect to -
>not much we can do about that though.  So much for being able to rely on
>jabber to send creditcard details etc for online shopping etc.  :(

You touch a sport here: communication with other IM systems, like 
ICQ, AIM. As these don't support encrypted messages, they won't be 
able to read yours, so you have to chat with them in plain text. 
Nothing we can do about that.



Bye,

Max
-- 
-----------------------------------------------------------
Max "The Black Fingolfin" Horn
<mailto:max at quendi.de>
<http://www.quendi.de> - please use my guestbook!

More information about the JDev mailing list