Re:

Kevin Smith wrote:
> I don't think it would be too onerous to add a protocol
which drops iq 
> to full jids for contacts with subscription 'none', and
I think this 
> would address all camps' issues.

This doesn't help.

Non-subscribers can discover resource IDs through message
exchanges 
(e.g. XEP-0155 Stanza Session Negotiation or XEP-0116
Encrypted Session 
Negotiation), and then perfectly legitimately send iqs to
full JIDs 
(e.g. Jingle).

And before anyone says it... many (most?) people don't want
to give 
presence subscriptions to everyone they are prepared to
accept a voice 
chat with (I certainly don't).

> Gtalk's method works well here, they get the random
resources that 
> make server farming easier, and I still get immediately
identifiable 
> resources, while ensuring that presence isn't leaked by
different 
> replies to iq from server and client, etc.

Yes, any resource will protect against presence leaks as
long as it also 
contains sufficent randomness.

- Ian

On 30 May 2007, at 14:47, Ian Paterson wrote:
> Kevin Smith wrote:
>> I don't think it would be too onerous to add a
protocol which  
>> drops iq to full jids for contacts with
subscription 'none', and I  
>> think this would address all camps' issues.
>
> This doesn't help.
>
> Non-subscribers can discover resource IDs through
message exchanges  
> (e.g. XEP-0155 Stanza Session Negotiation or XEP-0116
Encrypted  
> Session Negotiation), and then perfectly legitimately
send iqs to  
> full JIDs (e.g. Jingle).

You're right; when I typed that what I meant to say was
people who  
haven't received status, either due to being on the roster
or having  
received directed presence.

While people don't want to give a subscription to people
they  
communicate with, sending a directed presence isn't too
onerous (I  
think Peter has brought this idea up before).

/K

-- 
Kevin Smith
Psi XMPP Client Project Leader (http://psi-im.org)