On Sun, 5 Oct 2008 15:12:18 +0200 Jonathan Schleifer <[EMAIL PROTECTED]> wrote:
> Am 05.10.2008 um 15:02 schrieb Pavel Simerda: > > > Btw, is there a real reason to use randomized resource strings... > > or is > > it just to overcome bugs made by client and server developers? > > > Main reason is to work around presence leaks - wrong approach, IMO. That is a nice opinion. But this needs a lot of knowledge and discussions. I am also very curious to hear why to spoil one of XMPP's long-used and funcional features instead of fixing the bugs. Anyway this too much resembles security-by-obscurity (more specifically privacy-by-obscurity). I personally thing this idea only brings a FALSE sense of privacy and no real gain. Any single use case that can't be fixed by better means than randomizing a convenient resource string? Pavel > > Another reason I could think of is so that Average Joe can use the > same Jabber Client on two machines without the need to know how to > change the resource - but for that, the client could generate a > random resource when the account is added and save that. > > -- > Jonathan > -- Pavel Šimerda Freelancer v oblasti počítačových sítí, komunikace a bezpečnosti Web: http://www.pavlix.net/ Jabber & Mail: pavlix(at)pavlix.net OpenID: pavlix.net
