Regarding the server response to an inbound presence probe, Section
4.3.2 of 3921bis currently reads as follows:
******
2. Else, if the contact has no available resources, then the server
SHOULD reply to the presence probe by sending to the user the
full XML of the last presence stanza of type "unavailable"
received by the server from the contact (however, the server MAY
opt to not reply at all).
******
There are two issues I'd like to bring up:
a. My sense of existing implementations is that people would prefer a
definitive answer to the probe (i.e., <presence type='unavailable'/>).
Therefore I would like to change "SHOULD reply with unavailable but MAY
opt to not reply at all" to "MUST reply with unavailable".
b. Someone poked me offlist about a potential security issue here: what
if the probing user was blocked from receiving the contact's presence at
that time (e.g. via privacy lists)?
Therefore I suggest that the spec shall be modified to read as follows:
******
2. Else, if the contact has no available resources, then the server
MUST reply to the presence probe by sending to the user a
presence stanza of type "unavailable"; this presence stanza
SHOULD be empty but (subject to local security policies) MAY
include the full XML of the last unavailable presence stanza that
the server received from the contact.
CS: <presence from='mercutio at example.com'
to='juliet at example.com'
type='unavailable'/>
******
Objections?
Peter
--
Peter Saint-Andre
https://stpeter.im/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.