On Wed, Apr 29, 2009 at 5:42 AM, Peter Saint-Andre <stpe...@stpeter.im> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > FYI. This proposal emerged from discussions among some operators and > server vendors at XMPP Summit #6 in February... >
The current proposal doesn't look bad. A few notes follow. The <solution> and <suggestion> elements should most certainly contain <ip> elements, the reporter in most cases won't know the IP, except in the case of suspicious registrations. Waqas also told me he had reservations about using the server's roster this way, and overloading presence subscriptions with something they are not. I'm not really fussed either way, but it would be interesting to know what others think of this. It would also be useful to have a way of forwarding reports on to other servers, perhaps including the originator. Otherwise perhaps we need a way to ask a "friend" server who they trust, as a means of bootstrapping our own list. Suggestion and solution elements could also be present in the initial report, not sure if the XEP is allowing this, but it should probably be said explicitly. One question is whether servers accept reports from unknown servers when the report relates to users on that server. For reasoning, see the blog post I wrote a while back at http://matthewstechnologyblog.blogspot.com/2008/05/jabber-abuse-handling.html - The idea is that the abuser's login server collects reports from anyone, and once satisfied that there really is a problem it can act (either automatically or by notifying the admin). Matthew.
