R: R: R: [jdev] about spim techniques
Perry Lorier
isomer at coders.net
Sat Aug 27 19:34:23 CDT 2005
> Here's my idea: user1 wants to contact user2. User2 doesn't have user1 in the buddylist
> (server side), the xmpp queries a central database (distributed in some
> points), if user1 is spam, then don't forward.

My idea: user1 sends user2 an authreq to add user2 to their buddylist.
user2 has configured user2's client to not allow random people to add
them to her buddy list.

user2's client hashes user1's jid, and sends an <iq> request to everyone
in their list saying "any of you gals know about hash(user1)?" One of
them (user3) replies with "yeah, I know user1, and to prove it, here's
what their jid is." user2's client pops up a dialog box saying "user1
wants to add you to their contact list. This user is also known by user3."

This means that within your group of friends someone is likely to know
your friend. Very little information is leaked, by way of a hash. It's
per user, so you don't have to worry about people using j.o to abuse
(spam/phish/whatever), or some other well known server.

It does have the "bootstrap" problem of if I have a new account, and I
don't have any contacts, then nobody will want to add me to their
roster. However user1 could use some out of band system to get someone
else (user2) to add them (user1) to their (user2's) roster, and
bootstrap the system from there (since user1 won't have anyone in their
roster, their client shouldn't limit people trying to add them).
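
The exchange described in the message above, as an added example that is not part of the original post or of any XMPP client. Assumptions: SHA-256 as the hash, lowercasing as a stand-in for JID normalization, an in-memory dict in place of the <iq> round trip, a "deny" outcome when nobody vouches, and hypothetical function names and example.org addresses.

```python
import hashlib

def bare(jid):
    # Assumption: strip the resource and lowercase; real clients apply full JID normalization.
    return jid.split("/", 1)[0].strip().lower()

def jid_hash(jid):
    # Assumption: SHA-256; the post does not name a hash function.
    return hashlib.sha256(bare(jid).encode("utf-8")).hexdigest()

def answer_query(roster, queried_hash):
    """Contact side (user3): reveal the JID only if it is already in our roster."""
    for jid in roster:
        if jid_hash(jid) == queried_hash:
            return bare(jid)
    return None  # unknown hash: this contact sees only the hash

def vet_request(requester, my_roster, rosters):
    """Recipient side (user2): returns (decision, contacts who vouched)."""
    if not my_roster:
        return ("allow", [])  # bootstrap case: an empty roster should not limit requests
    h = jid_hash(requester)
    vouchers = []
    for contact in sorted(my_roster):
        reply = answer_query(rosters.get(contact, set()), h)  # stands in for the <iq> round trip
        # The reply is the proof: it must be the requester's actual JID, not just "yes".
        if reply is not None and reply == bare(requester):
            vouchers.append(contact)
    # Assumption: with no voucher the request is denied ("not allow random people").
    return ("prompt", vouchers) if vouchers else ("deny", [])

# Constructed sample data: who is on each of user2's contacts' rosters.
ROSTERS = {
    "user3@example.org": {"user1@example.net", "user2@example.org"},
    "user4@example.org": {"user2@example.org"},
}
USER2_ROSTER = {"user3@example.org", "user4@example.org"}

if __name__ == "__main__":
    for who in ("user1@example.net/laptop", "stranger@example.com"):
        print(who, vet_request(who, USER2_ROSTER, ROSTERS))
    print("new account:", vet_request("user1@example.net", set(), ROSTERS))
```

A contact who does not know user1 receives only the hash, but because JIDs are guessable, the hash hides the address only from contacts who cannot guess it.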