> > 2. With most legacy networks, the transport should auto-import the legacy
> > system's contact list to the Jabber roster. JIT simply sends a presence
> > type=subscribed but this is problematic as with unpatched Jabber servers
> > the nick can't be pushed to the roster and it is uncertain how for example
> > jabberd2 handles this.
>
> Possibility to populate someone's roster with <presence type=subscribed>
> is a security issue and I hope it is not present in jabberd2.

jabberd2 does add a roster item if a "subscribed" presence packet arrives for a user not in the roster.

Whether this is actually a bug or a problem has been somewhat ambiguous[1] until recently, when the subscription state charts were added to XMPP-IM. Now, section 9.4.1 clearly shows that if a "subscribed" presence packet arrives, and we don't have a subscription, then nothing happens.

I will be looking at getting this fixed for 2.0s1.

Rob.

[1] See http://www.jabberstudio.org/pipermail/jabberd/2002-December/000411.html

--
Robert Norris GPG: 1024D/FC18E6C2
Email+Jabber: [EMAIL PROTECTED] Web: http://cataclysm.cx/
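
An added example, not part of the original message and not jabberd2 code: a minimal sketch of the check described in the reply above, where an inbound "subscribed" is applied only if the roster already holds a pending outbound request for that sender. The roster layout, JIDs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET


def new_roster():
    """Constructed roster of the receiving user: contact JID -> state.
    'ask' marks an outbound subscription request still awaiting approval."""
    return {
        "friend@example.org": {"subscription": "none", "ask": True},
        "peer@example.org": {"subscription": "from", "ask": True},
        "old@example.org": {"subscription": "none", "ask": False},
    }


def bare_jid(jid):
    """Strip the resource so the lookup is per contact, not per session."""
    return jid.split("/", 1)[0]


def handle_inbound_presence(roster, stanza_xml):
    """Apply an inbound <presence type='subscribed'/>; return the action taken."""
    stanza = ET.fromstring(stanza_xml)
    if stanza.tag != "presence" or stanza.get("type") != "subscribed":
        return "not-handled"
    item = roster.get(bare_jid(stanza.get("from", "")))
    # No roster item, or no request pending from our side: drop silently.
    # Creating an item at this point is what would let a remote party
    # populate the user's roster without being asked.
    if item is None or not item["ask"]:
        return "ignored"
    item["ask"] = False
    item["subscription"] = "both" if item["subscription"] == "from" else "to"
    return "updated"


if __name__ == "__main__":
    roster = new_roster()
    # Constructed stanzas: one unsolicited, one answering a pending request.
    for sender in ("12345@icq.example.org", "friend@example.org/home"):
        xml = "<presence from='%s' type='subscribed'/>" % sender
        print(sender, "->", handle_inbound_presence(roster, xml))
    print(sorted(roster))
```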