On 01/31/2010 01:44 PM, Justin Karneges wrote:
doesn't this mean my local server may need to track which rooms I've joined on a remote service? This would be required for authorizing the probe, would it not? Seems like a potential DoS to me.It already has to do this, so that if the client goes unavailable the server can send unavailable presence to all JIDs that have received directed presence earlier.
Justin, Matthew- I'm afraid I wasn't clear enough in my earlier email.Which presence do you expect the server to send in this condition? The most recently sent undirected presence? Seems like a information leak to me. When I've sent you directed presence I haven't authorized you to see my presence status, I've provided you with a specific picture of my presence.
Those are two entirely different things. There's a reason that you're required to send presence updates if you change status/show/etc to MUC rooms and that the server doesn't do this for you on your behalf.
Cheers, Ben
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.