RFC 3921 saith: A server MUST ignore any 'to' address on a roster "set", and MUST treat any roster "set" as applying to the sender. For added safety, a client SHOULD check the "from" address of a "roster push" (incoming IQ of type "set" containing a roster item) to ensure that it is from a trusted source; specifically, the stanza MUST either have no 'from' attribute (i.e., implicitly from the server) or have a 'from' attribute whose value matches the user's bare JID (of the form <[EMAIL PROTECTED]>) or full JID (of the form <[EMAIL PROTECTED]/resource>); otherwise, the client SHOULD ignore the "roster push".
I think it would be simpler to specify that the server MUST NOT include a 'from' address on the roster push. The client would then need to ignore the 'from' (not do all that checking). So I propose the following text: A server MUST ignore any 'to' address on a roster set, and MUST treat any roster "set" as applying to the sender. A server MUST NOT include a 'from' address on a roster push. If a roster push includes a 'from' address then the client SHOULD ignore the stanza. Peter -- Peter Saint-Andre XMPP Standards Foundation http://www.xmpp.org/xsf/people/stpeter.shtml
smime.p7s
Description: S/MIME Cryptographic Signature
