Re: [xmpp] 3921bis: probe + unavailable
Ben Schumacher <Ben.Schumacher@webex.com> Thu, 28 January 2010 21:57 UTC
Return-Path: <Ben.Schumacher@webex.com>
X-Original-To: xmpp@core3.amsl.com
Delivered-To: xmpp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DF4173A6999 for <xmpp@core3.amsl.com>; Thu, 28 Jan 2010 13:57:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.999
X-Spam-Level:
X-Spam-Status: No, score=-109.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_31=0.6, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xE8edwygYuKb for <xmpp@core3.amsl.com>; Thu, 28 Jan 2010 13:57:35 -0800 (PST)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id 2EDB93A677C for <xmpp@ietf.org>; Thu, 28 Jan 2010 13:57:35 -0800 (PST)
Authentication-Results: sj-iport-5.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApoEAH2XYUurR7Ht/2dsb2JhbADBK4EmCAGWJ4IoghUE
X-IronPort-AV: E=Sophos;i="4.49,363,1262563200"; d="scan'208";a="141812629"
Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-5.cisco.com with ESMTP; 28 Jan 2010 21:57:54 +0000
Received: from [64.101.72.251] (dhcp-64-101-72-251.cisco.com [64.101.72.251]) by sj-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id o0SLvsj7016260 for <xmpp@ietf.org>; Thu, 28 Jan 2010 21:57:54 GMT
Message-ID: <4B620861.40603@webex.com>
Date: Thu, 28 Jan 2010 14:57:53 -0700
From: Ben Schumacher <Ben.Schumacher@webex.com>
Organization: Cisco Systems, Inc.
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20100111 Lightning/1.0b2pre Thunderbird/3.0.1
MIME-Version: 1.0
To: xmpp@ietf.org
References: <4B6202CF.6070702@stpeter.im> <14795.1264714828.295077@puncture>
In-Reply-To: <14795.1264714828.295077@puncture>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [xmpp] 3921bis: probe + unavailable
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: bschumac@cisco.com
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2010 22:00:58 -0000
On 01/28/2010 02:40 PM, Dave Cridland wrote: >> b. Someone poked me offlist about a potential security issue here: what >> if the probing user was blocked from receiving the contact's presence at >> that time (e.g. via privacy lists)? > > Right. > >> 2. Else, if the contact has no available resources, then the server >> MUST reply to the presence probe by sending to the user a >> presence stanza of type "unavailable"; this presence stanza >> SHOULD be empty but (subject to local security policies) MAY >> include the full XML of the last unavailable presence stanza that >> the server received from the contact. > > Replace SHOULD with "will typically be". You can't have SHOULD but > MAY, I think, and it's not an interop requirement. > > Also, you might stamp it with a delay, in which case it's not empty... > > Dave. As the person responsible for the offlist poking, I feel I should step up and point out that stamping delay constitutes a presence leak. If I had a privacy list that blocked you, Dave, from receiving my presence while I'm online then I got offline and the server then decides to respond to probes that indicate when I was last online, you now know that I was online and trying to hide that fact from you. An empty presence type="unavailable" is the only way to ensure (without some really complex heavy lifting on the server) that you're properly indicating that the user isn't here right now, and that's all. I would further recommend that this unavailable presence MUST be from the bare JID (user@host) as the server should be indicating that this Presence Entity is unavailable, rather than a session (if you're going to send the last unavailable, then the server ought to rewrite the from to this effect). Finally, (and this isn't RFC related) the privacy list XEP(s?) should be updated to indicate that the same behavior should be followed. Cheers, Ben
- [xmpp] 3921bis: probe + unavailable Peter Saint-Andre
- Re: [xmpp] 3921bis: probe + unavailable Dave Cridland
- Re: [xmpp] 3921bis: probe + unavailable Ben Schumacher
- Re: [xmpp] 3921bis: probe + unavailable Dave Cridland
- Re: [xmpp] 3921bis: probe + unavailable Peter Saint-Andre
- Re: [xmpp] 3921bis: probe + unavailable Waqas Hussain
- Re: [xmpp] 3921bis: probe + unavailable Jonathan Schleifer
- Re: [xmpp] 3921bis: probe + unavailable Jonathan Schleifer
- Re: [xmpp] 3921bis: probe + unavailable Peter Saint-Andre
- [xmpp] probe from/to (was: Re: 3921bis: probe + u… Peter Saint-Andre
- Re: [xmpp] probe from/to Philipp Hancke
- Re: [xmpp] probe from/to (was: Re: 3921bis: probe… Waqas Hussain
- Re: [xmpp] probe from/to Peter Saint-Andre
- Re: [xmpp] 3921bis: probe + unavailable Jonathan Schleifer
- Re: [xmpp] 3921bis: probe + unavailable Peter Saint-Andre
- Re: [xmpp] 3921bis: probe + unavailable Jonathan Schleifer
- Re: [xmpp] 3921bis: probe + unavailable Jonas Lindberg
- Re: [xmpp] 3921bis: probe + unavailable Jonathan Schleifer
- Re: [xmpp] 3921bis: probe + unavailable Jonas Lindberg
- Re: [xmpp] 3921bis: probe + unavailable Ben Schumacher
- Re: [xmpp] 3921bis: probe + unavailable Jonas Lindberg
- Re: [xmpp] 3921bis: probe + unavailable Peter Saint-Andre
- Re: [xmpp] 3921bis: probe + unavailable Philipp Hancke
- Re: [xmpp] 3921bis: probe + unavailable Peter Saint-Andre
- Re: [xmpp] 3921bis: probe + unavailable Justin Karneges
- Re: [xmpp] 3921bis: probe + unavailable Jonas Lindberg
- Re: [xmpp] 3921bis: probe + unavailable Peter Saint-Andre
- Re: [xmpp] 3921bis: probe + unavailable Jonathan Schleifer
- Re: [xmpp] 3921bis: probe + unavailable Jonas Lindberg
- Re: [xmpp] 3921bis: probe + unavailable Joe Hildebrand
- Re: [xmpp] 3921bis: probe + unavailable Jonathan Schleifer
- Re: [xmpp] 3921bis: probe + unavailable Peter Saint-Andre