On Tue, Sep 22, 2009 at 10:40 AM, Jehan <[email protected]> wrote: > > To come back to the specific issue of temporary pubsub subscription with > SASL ANONYMOUS. The problem is that a pubsub server does not "know" when > you are using a transient JID (as one can read on XEP-0175, a randomly > generated JID has nothing particular to identify it as being transient). > So should it be the responsability of the user's client to make the > subscription "temporary" automatically (without user's action) when the > user subscribes while anonymously connected? >
This is not enough, the node owner (or service owner, but the former is preferable) should be able to force it. Imagine that you have a service where 100% of the clients have temporary JIDs (this is not just hypothetical, I happen to be involved with one such service). In this case, allowing non-temporary subscriptions would allow a malicious client to easily and quickly create tons of subscriptions on a busy node, leading to an overload. Enforcing temporary subscriptions makes such an attack impossible (or at least much harder), as the attacker would have to keep an open connection for each subscription. When subscribing to a pubsub node, you can specify a full or a bare JID as > the subscriber. Usually the obvious default from any client is to provide > the bare jid, unless you change it explicitely by your full jid (but which > client allows this? > Correct, but in some situations full JID subscriptions are preferable to bare JID ones. E.g. when a user logs in on several machines, but each instance is only interested in the nodes it has explicitly open. In this case bare JID subscriptions would only result in useless traffic (if they work correctly at all, because AFAIK it's not precisely specified to which resources notifications will be delivered).
