powered by Jive Software

Anonymous room invites include non-anonymous (bare) jid of invitor

<message to=’‘logger@hostname’’ from=’‘testing@conference.hostname’’>

<x xmlns=’‘http://jabber.org/protocol/muc#user’’>

<invite from=’‘username@hostname’’><reason>Come join us!</reason></invite>

<password>password</password>

</x>

<x xmlns=’‘jabber:x:conference’’ jid=’‘testing@conference.hostname’’/>

</message>

section 6.7 says: The <room@service> itself MUST then add a ‘‘from’’ address to the <invite/> element whose value is the bare JID (or, optionally, the room JID) of the invitor.

I think leaking out the bare JID in the case of anonymous room seems rather non-anonymous…

or, to make this a question, shouldn’'t the invite from attribute be set to the room jid in the case of an anonymous room?

Thanks,

Joe

(replaced less than/greather than signs with ampersand lt; and ampersand gt; so message would display correctly - sorry)

Message was edited by: meadowsj

Hi Joe,

why should one be able to send invitations to other users while hiding his JID? I don’‘t like the idea to get invitations every minute and I don’‘t know who is sending them. This would be the case if the room JID is sent, wouldn’'t it?

LG

Good point. I was thinking of info leakage, but the one doing the inviting has to know your real jid, so it’'s only fair you get to know theirs…