  • JID Spoofing (JEP-0165)

    JEP-0165 JID Spoofing; the latest version is called XEP-0165: Best Practices to Discourage JID Mimicking.

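    JID spoofing does not happen only in the Jabber world; it also exists in MSN and email. For example, if you are a Microsoft employee and an MSN account of  adds you (note: it is BI11), that is account spoofing: he wants you to think he is.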

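    So in the Jabber world,  (note: it is PAYPA1) will impersonate  to deceive you. In some terminology this technique is also called "typejacking", so this JEP offers several best practices to prevent JID spoofing.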

    1. Use a petname system
    2. Use certificates
    3. Adding a contact requires an intermediary whom both parties know (effectively an invite-only circle)

    There are also some other methods that are not very practical:

    Every human user of Jabber/XMPP technologies presumably has a preferred language (or, in some cases, a small set of preferred languages), which an XMPP application SHOULD gather either explicitly from the user or implicitly via the user’s operating system. Furthermore, every language has a range of characters normally used to represent that language in textual form. Therefore, an XMPP application SHOULD warn the user when presenting a JID that uses characters outside the normal range of the user’s preferred language(s).
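
One way a client could implement the warning described in the quoted paragraph, as an added example that is not code from the post or from XEP-0165. The language-to-script table, the function names and the sample JIDs are constructed for illustration, and treating ASCII as normal for every language is an assumption.

```python
import unicodedata

# Assumed, simplified table: scripts (Unicode character-name prefixes)
# normally used to write each preferred language. Not taken from XEP-0165.
LANGUAGE_SCRIPTS = {
    "en": {"LATIN"},
    "ru": {"CYRILLIC"},
    "el": {"GREEK"},
    "zh": {"CJK"},
}


def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def unexpected_characters(jid, languages):
    """Return (char, code point, script) for every character in the JID that
    lies outside the scripts of the user's preferred languages."""
    allowed = set()
    for lang in languages:
        allowed |= LANGUAGE_SCRIPTS.get(lang, set())
    findings = []
    for ch in jid:
        if ch.isascii():
            continue  # assumption: ASCII is normal for every user
        script = script_of(ch)
        if script not in allowed:
            findings.append((ch, "U+%04X" % ord(ch), script))
    return findings


def warning_for(jid, languages):
    """Build the warning a client could display, or None if nothing is unusual."""
    findings = unexpected_characters(jid, languages)
    if not findings:
        return None
    detail = ", ".join("%s %s" % (cp, script) for _, cp, script in findings)
    return "JID %r uses characters unusual for %s: %s" % (
        jid, "/".join(languages), detail)


# Constructed samples: a Cyrillic letter inside a Latin name, and a digit swap.
MIXED_SCRIPT_JID = "p\u0430ypal@example.com"
DIGIT_SWAP_JID = "paypa1@example.com"
```

The digit-swap JID (the PAYPA1 case from the post) produces no warning, because every character is within the user's normal range; the script check only catches cross-script look-alikes, and the other listed practices such as petnames and certificates have to cover the rest.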