[jdev] Presence leak test suite

[Peter Saint-Andre]

Alexey Nezhdanov wrote:
> On Wednesday 09 July 2008 20:33:32 Peter Saint-Andre wrote:
>> Justin Karneges wrote:
>>> On Wednesday 09 July 2008 07:55:58 Kevin Smith wrote:
>>>> On Wed, Jul 9, 2008 at 3:46 PM, Peter Saint-Andre <stpeter at stpeter.im>
>>> wrote:
>>>>>>> you also test presence leaks using guessed well-known resources like
>>>>>>> client names (Psi, Gajim, Miranda, QIP, Adium etc.) or places (Home,
>>>>>>> Work, School etc.)? I think it could push client authors to use
>>>>>>> random-generated resource names.
>>>>>> I don't understand why this would be something we'd want to push for.
>>>>> Because some people are paranoid?
>>>> Paranoid people can use as random a resource as they want to - it
>>>> doesn't mean the rest of us need to :)
>>> And a random resource isn't necessary anyway, just good privacy control
>>> on the server.  (/me still wants a server that will bounce all iqs from
>>> people who don't have his presence.)
>> Including directed presence?
> Why does it matter? Either someone got my presence or he didn't.
> So he either can query my client for something or he can't.
> If I am not mistaken - server remembers all presences that it sent to peers so 
> when client disconnects - server automatically send offline presences 
> everywhere it needs to. That of cource includes directed presences.

My point is that the server can't just check the suubscription state in 
the roster. Also it introduces a good argument for my proposed best 
practice of sharing presence for ad-hoc chats/interactions:

http://www.xmpp.org/internet-drafts/draft-saintandre-rfc3921bis-05.html#message-chat

/psa

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://www.jabber.org/jdev/attachments/20080709/1264092d/attachment-0002.bin>