-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 7/2/09 9:28 PM, Matthew Wild wrote:
> On Thu, Jul 2, 2009 at 5:02 PM, Peter Saint-Andre<stpe...@stpeter.im> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 6/30/09 8:37 AM, Dave Cridland wrote:
>>> On Tue Jun 30 15:33:35 2009, Matthew Wild wrote:
>>>> It does. Anonymous users get given a unique (~random) JID, with an
>>>> empty roster. So you /can/ send presence, you just either have to send
>>>> it to a known address, or add people to your temporary roster first.
>>> FWIW, although I agree that's what *should* happen, nothing in the
>>> specifications available says that's what does.
>>>
>>> Perhaps an update to include such things in XEP-0175 is in order?
>> Indeed, aligning XEP-0175 more closely with RFC 4505 might be helpful.
>> For example, RFC 4505 says that typically an anonymous user will have
>> "restricted access" but it seems to leave the definition of restricted
>> access up to the application protocol. The security considerations
>> section of RFC 4505 talks about denial of service attacks and the like,
>> so we might want to discuss such issues in XEP-0175 a bit more than we
>> do now. Et cetera.
>>
> 
> Based on this and discussion on the topic the other day in jdev, I
> just made a commit to Prosody to disable s2s by default for anonymous
> users. This can of course be overridden by admins if they so choose,
> but it seems a very sane default for me.
> 
> I wouldn't be against adding this recommendation to XEP-0175.

Yes, I was thinking about that yesterday after I posted: when we say
that an anonymous user should have restricted access, what does that
mean? In part it might mean that the user is temporary and therefore
cannot establish permanent relationships via pubsub subscriptions,
registration with chatrooms, etc. If the user does that on the local
server, the local server can clean up after the anonymous user's session
is over, but the local server can't perform that cleanup if the user has
taken such actions on a remote server, so I think that forbidding
outbound s2s communication is a reasonable restriction.

Peter

- --
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpOAnEACgkQNL8k5A2w/vyiTACgvQ/aEkDiIum4SP5r4ugMBena
+V8An2Ki3dRSN8BxlyqzdQvfGs4+N2eQ
=N64f
-----END PGP SIGNATURE-----
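
The restriction discussed in this thread, sketched as an added example; it is not part of the original messages and is not Prosody's code. It assumes hypothetical names (`route`, `end_session`, `AnonymousSession`) and constructed hosts and stanzas: stanzas from an anonymous session are refused when they would leave over s2s, and state created on local hosts is recorded so it can be cleaned up when the session ends.

```python
import xml.etree.ElementTree as ET

# Constructed values: hosts served by the local server (reserved example domains).
LOCAL_HOSTS = {"example.org", "conference.example.org", "pubsub.example.org"}

# Payloads of <iq type='set'/> that create state outliving the session.
DURABLE = {
    ".//{http://jabber.org/protocol/pubsub}subscribe": "pubsub-subscription",
    ".//{jabber:iq:register}query": "registration",
}

# Constructed sample stanza: a pubsub subscription request to a local service.
SUB_LOCAL = ("<iq type='set' to='pubsub.example.org'>"
             "<pubsub xmlns='http://jabber.org/protocol/pubsub'>"
             "<subscribe node='news' jid='a1b2c3@example.org'/></pubsub></iq>")

def jid_domain(jid):
    """Domain part of node@domain/resource; the resource may contain '@' or '/'."""
    return jid.split("/", 1)[0].rsplit("@", 1)[-1].lower()

class AnonymousSession:
    def __init__(self, jid):
        self.jid = jid            # temporary JID assigned by the server
        self.local_state = []     # (host, kind) entries to remove at session end

def route(session, stanza_xml, local_hosts=LOCAL_HOSTS):
    """Return 'local' if the stanza stays on this server, 'denied' if it needs s2s."""
    # A real server reads stanzas from its stream parser; fromstring is for the demo.
    stanza = ET.fromstring(stanza_xml)
    to = stanza.get("to")
    domain = jid_domain(to) if to else jid_domain(session.jid)
    if domain not in local_hosts:
        return "denied"           # no outbound s2s for anonymous users
    local_name = stanza.tag.rsplit("}", 1)[-1]
    if local_name == "iq" and stanza.get("type") == "set":
        for path, kind in DURABLE.items():
            if stanza.find(path) is not None:
                session.local_state.append((domain, kind))
    return "local"

def end_session(session):
    """Hand back everything the server must clean up, and forget it."""
    cleaned, session.local_state = session.local_state, []
    return cleaned

if __name__ == "__main__":
    s = AnonymousSession("a1b2c3@example.org/web")
    print(route(s, "<presence to='friend@remote.example.net'/>"))
    print(route(s, SUB_LOCAL), end_session(s))
```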
