[Pidgin] #15662: roster management, xmpp security

Pidgin trac at pidgin.im
Mon Jun 10 05:54:19 EDT 2013


#15662: roster management, xmpp security
--------------------------+---------------------
 Reporter:  notphilipfry  |       Owner:  deryni
     Type:  enhancement   |      Status:  new
Milestone:                |   Component:  XMPP
  Version:  2.10.7        |  Resolution:
 Keywords:                |
--------------------------+---------------------
Description changed by notphilipfry:

Old description:

> Please add support for xep-0016
> http://xmpp.org/extensions/xep-0016.html
>
> https://developer.pidgin.im/wiki/SupportedXEPs
>

> Privacy List'''s'''  is plural (obviously).  This allows for easy/quick
> toggling of allowing/disabling various bits perhaps as one changes one's
> resource.
>
> * All or nothing subscription authorization is woefully deficient
> * Not all roster members should see my client [version] through IQ
> stanzas.
> * Not all roster members should see all my PEP (mood, activity, tune,
> locus)
> * * [real time] locus, fine grain GPS for example, should only be
> available to friends and not anyone.  Experience a stalker or two before
> deciding against
>

>
> [[BR]]
> [[BR]]
> [[BR]]
>
> quote:
>
> Server-side privacy lists enable successful completion of the following
> use cases:
>
>     Retrieving one's privacy lists.
>     Adding, removing, and editing one's privacy lists.
>     Setting, changing, or declining active lists.
>     Setting, changing, or declining the default list (i.e., the list that
> is active by default).
>     Allowing or blocking messages based on JID, group, or subscription
> type (or globally).
>     Allowing or blocking inbound presence notifications based on JID,
> group, or subscription type (or globally).
>     Allowing or blocking outbound presence notifications based on JID,
> group, or subscription type (or globally).
>     Allowing or blocking IQ stanzas based on JID, group, or subscription
> type (or globally).
>     Allowing or blocking all communications based on JID, group, or
> subscription type (or globally).

New description:

 Please add support for xep-0016
 http://xmpp.org/extensions/xep-0016.html

 https://developer.pidgin.im/wiki/SupportedXEPs


 Privacy List'''s'''  is plural (obviously).  This allows for easy/quick
 toggling of allowing/disabling various bits perhaps as one changes one's
 resource.

 * All or nothing subscription authorization is woefully deficient
 * Not all roster members should see my client [version] through IQ
 stanzas.
 * Not all roster members should see all my PEP (mood, activity, tune,
 locus)
 * * [real time] locus, fine grain GPS for example, should only be
 available to friends and not anyone.  Experience a stalker or two before
 deciding against



  XEP-0191 has been implemented but it is not much better than revoking
 subscription- or removing roster member.

 The specious counter claim that XEP-0016 is "too complicated" need be
 revisited by those who are also f*book users (not me) who can navigate
 f*book "privacy" controls. ''XEP-0016 is at least one order of magnitude
 less complex than f*book analogue.''

 [[BR]]
 [[BR]]
 [[BR]]

 quote:

 Server-side privacy lists enable successful completion of the following
 use cases:

     Retrieving one's privacy lists.
     Adding, removing, and editing one's privacy lists.
     Setting, changing, or declining active lists.
     Setting, changing, or declining the default list (i.e., the list that
 is active by default).
     Allowing or blocking messages based on JID, group, or subscription
 type (or globally).
     Allowing or blocking inbound presence notifications based on JID,
 group, or subscription type (or globally).
     Allowing or blocking outbound presence notifications based on JID,
 group, or subscription type (or globally).
     Allowing or blocking IQ stanzas based on JID, group, or subscription
 type (or globally).
     Allowing or blocking all communications based on JID, group, or
 subscription type (or globally).

--

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15662#comment:3>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list