On Thu, Aug 13, 2009 at 8:15 PM, Brian Cully<bcu...@gmail.com> wrote: > On 13-Aug-2009, at 21:06, Peter Saint-Andre wrote: >> Whether any of these attack vectors are worrisome is another matter. > > I tend not to think so. In the case where a bare JID is reused (e.g., > "anonym...@example.com") then it's acceptable to generate a resource (thus, > the SHOULD should become a MAY in the XEP), and it comes down to a > particular server implementation and how it generates bare JIDs. In the case > where the bare JID is truly unique to any given stream then there's no > reason to generate a resource.
I would also like to see SHOULD replaced by MAY in that sentence. Other than that I like the changes. Andy