[ejabberd] privacy lists in 2.1.6

Evgeniy Khramtsov xramtsov at gmail.com
Thu Apr 28 17:35:55 MSD 2011


28.04.2011 23:28, Yann Leboulanger wrote:
> Le 25/04/2011 13:36, Badlop a écrit :
>>
>> A client sets a privacy list with one or more rules, and the server 
>> obeys them.
>> The result is that some stanzas get blocked, as was explicitly
>> specified in the rules.
>> That was to be expected, right?
>>
>> If that was undesired, then the client should set a different set of 
>> rules.
>>
>>> So will there be something done to "fix" this issue?
>>
>> Yes, the client should only deny all stanzas of subscription=none
>> if it has already allowed all stanzas of jid=myserver.com
>>
>> But surprinsgly, that rule will also allow stanzas of all users in 
>> myserver.com:
>>> <domain>  (the domain itself matches, as does any user at domain or 
>>> domain/resource)
>>
>> So, the protocol makes impossible to write a proper privacy list,
>> and forces client developers to request server developers to be
>> protocol incompliant.
>>
>> This leads us to propose that ejabberd should violate the 
>> user-defined rules.
>> See an experimental patch in 
>> https://support.process-one.net/browse/EJAB-1441
>>
>> Can we safely commit that without having another guy, a month later,
>> complain that ejabberd violates user privacy rules?
>
> I fully agree with you, XEP-0016 is problematic. I've discussed that 
> in standards ML, and it seems (still discussed) that iq stanza from 
> user's server to user should be considered as incoming stanza, and 
> thus should not be blocked.
> It seems (I don't know erlang) that it's what your patch does.
>
> If that could be written in XEP, that would be nice so all server 
> implementation could have the same behaviour.
>

Badlop created a ticket: https://support.process-one.net/browse/EJAB-1441
Probably, it is better to move the discussion there.

-- 
Regards,
Evgeniy Khramtsov, ProcessOne.
xmpp:xram at jabber.ru.



More information about the ejabberd mailing list