> Ear mine idea: user1 want contact user2. User2 don't has user1 in buddylist > (server side), the xmpp query a central database (distributed in some > points), if the user1 is spam, then don't forward.
My idea: user1 sends user2 an authreq to add user2 to their buddylist. user2 has configured user2's client to not allow random people to add them to her buddy list. user2's client hash's user1's jid, and sends an <iq> request to everyone in their list saying "any of you gals know about hash(user1)?" one of them (user3) replies with "yeah, I know user1, and to prove it, heres what their jid is.". user2's client pops up a dialog box saying "user1 wants to add you to their contact list. This user is also known by user3.". This means that within your group of friends someone is likely to know your friend. Very little information is leaked, by way of a hash. It's per user, so you don't have to worry about people using j.o to abuse (spam/phish/whatever), or some other well known server. It does have the "bootstrap" problem of if I have a new account, and I don't have any contacts, then nobody will want to add me to their roster. However user1 could use some out of band system to get someone else (user2) to add them (user1) to their (user2's) roster, and bootstrap the system from there (since user1 won't have anyone in their roster, their client shouldn't limit people trying to add them). _______________________________________________ jdev mailing list jdev@jabber.org http://mail.jabber.org/mailman/listinfo/jdev
