Holger
Yes yes, I just meant that having a single setting for MAM and public logs might obviously circumvent MAM's access restrictions. If the admin enabled public logging in general, and the room owner (or his client) just wants to enable MAM logging for a private group.
Holger
(But seems everyone agrees now anyway. This was different last time we discussed this.)
pep.
Zash: the changesubject thing was wrong in that MUC example right? roominfo / roomconfig
pep.
Holger: everyone on a subset of 3
pep.
Maybe that's already better than last time :p
Holger
pep.: Everyone else had an entire night of time to object!
Zash
pep.: Hm? No? Just weird and inconsistent.
lovetox
is it somewhere defined what a server needs to return on disco-info to an account that does not exist?
Zash
https://xmpp.org/rfcs/rfc6120.html#rules-local-barejid-nosuchuser
> For an IQ stanza, the server MUST return a <service-unavailable/> stanza error (Section 8.3.3.19) to the sender.
lovetox
ejabberd returns subscription-required
lovetox
but ok
pep.
What would you have to subscribe to to disco an account? Roster?
Guus
It might be needed to distinguish between JIDs that do not refer to an existing entity, and JIDs that are associated to users that used SASL ANON.
Guus
You can probably disco/info an anonymous user?
Ge0rG
something something user enumeration attacks
Guus
'something something' isn't going to cut it. Be more specific please.
Ge0rG
A server should ideally return the same response for an existing user as for a non-existing one, unless you are allowed to see the respective record
Zash
so that it's not trivial to find out which users exist
lovetox
yeah so subscription-required makes more sense
lovetox
because this you can return for ALL users
lovetox
while service-unavailable you can only return for users that don't exist?
lovetox
or does prosody also return that if you are not subscribed to a contact
Zash
Should be the same error in both cases
lovetox
am i allowed to disco info the contact if he sent me a message?
lovetox
or can i simply never disco info a contact I'm not subscribed to
Zash
no. probably.
Zash
sending a message wouldn't matter here
Ge0rG
lovetox: most servers try to stay stateless as far as possible, so incoming traffic isn't registered as any kind of auth, only presence subscriptions