On 15-Jul-2009, at 19:55, Matthew Wild wrote:
I think any client which doesn't obey this is inherently insecure already and should be fixed now, regardless of whether this proposed change goes ahead. For the reasons I stated on the XMPP list I don't have any desire for servers to vet stanzas a client receives to its full JID (privacy lists aside).
+1. You get what you deserve when you trust a roster that comes from anywhere in the universe.
-bjc