On Oct 5, 2008, at 2:08 AM, Jonathan Schleifer wrote:
Am 05.10.2008 um 03:05 schrieb Matthew Wild:
Personally I agree with you, I would probably continue to use a
static
resource. However it is against the spirit of XMPP to allow the
possibility of presence leaks, so I think it is best that the RFC
says
that clients SHOULD ask for a server-generated resource.
A random resource is just a very ugly workaround for presence leaks.
Fix the root of the problem, not the symptoms. For example, a client
can still leak through XEP-0184, the random resource won't help there.
There will always be presence leaks in some extensions. Its a trade-
off: some extensions are not possible without presence leaks.
But the core protocols should not have presence leaks by default.
It sets a bad example for extension writers: "hey, if even core rfcs
don't care about presence leaks, why should I?".
No only should Caesar's wife should be above reproach, she should be
seen to be, as well.
That said, a clever client could generate a random resource, and use
that. If it got temporarily disconnected, it could re-use the same
resource until you actually sign off manually or quit.
Which would kill the idea of a random resource to "protect you from
presence leaks" (which is nonsense anyway).
Please explain why having random resources in the Core protocol
doesn't solve presence leaks *in the core protocol*.
Extensions can introduce presence leaks as a trade-off for
functionality, after all, thats why they are optional extensions.
Best regards
--
Pedro Melo
Blog: http://www.simplicidade.org/notes/
XMPP ID: [EMAIL PROTECTED]
Use XMPP!
