On Monday 01 February 2010 10:57:53 Ben Schumacher wrote: > On 01/31/2010 01:44 PM, Justin Karneges wrote: > >> doesn't this mean my local server may need to track which rooms I've > >> joined on a remote service? This would be required for authorizing the > >> probe, would it not? Seems like a potential DoS to me. > > > > It already has to do this, so that if the client goes unavailable the > > server can send unavailable presence to all JIDs that have received > > directed presence earlier. > > Justin, Matthew- > > I'm afraid I wasn't clear enough in my earlier email. > > Which presence do you expect the server to send in this condition? The > most recently sent undirected presence? Seems like a information leak to > me. When I've sent you directed presence I haven't authorized you to see > my presence status, I've provided you with a specific picture of my > presence. Basically, the server should return the most recently sent presence to the JID doing the probing, whether directed or undirected. So, no, if you send me directed presence and then I probe you, I would not expect to receive your "real" (undirected) presence. -Justin
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.