diff --git a/xep-0175.xml b/xep-0175.xml index 70416869..59d7c44d 100644 --- a/xep-0175.xml +++ b/xep-0175.xml @@ -60,7 +60,7 @@

An XMPP server implementation SHOULD NOT enable the SASL ANONYMOUS mechanism by default, but instead SHOULD force an administrator to explicitly enable support in any given deployment.

An XMPP server SHOULD assign a temporary, unique bare JID &LOCALBARE; to a client that authenticates with SASL ANONYMOUS. Although the method for ensuring the uniqueness of localpart is a matter of implementation, it is RECOMMENDED for the localpart to be a UUID as specified in &rfc4122;.

-

After a client authenticates using the SASL ANONYMOUS mechanism, it MUST bind a resource; the server SHOULD ignore the resource identifier provided by the client (if any) and instead assign a resource identifier that it generates on behalf of the client.

+

After a client authenticates using the SASL ANONYMOUS mechanism, it MUST bind a resource. On public servers where the same JID is reused for multiple anonymous sessions, the server MAY ignore the resource identifier provided by the client (if any) and instead assign a resource identifier that it generates on behalf of the client.

Because an anonymous user is unknown to the server, the server SHOULD appropriately restrict the user's access in order to limit the possibility of malicious behavior, such as denial of service attacks as described in &xep0205;. The following restrictions are encouraged:

  1. The user SHOULD NOT be allowed to initiate communication with entities hosted at remote servers.
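Review bot: The replacement paragraph weakens "the server SHOULD ignore the resource identifier provided by the client" to "MAY ignore", and conditions it on "public servers where the same JID is reused for multiple anonymous sessions", but that condition sits awkwardly next to the unchanged paragraph above it, which says the server SHOULD assign a temporary, unique bare JID per anonymous client; if the unique-JID recommendation is followed, the "same JID is reused" case should be the exception, so the new text reads as guidance for a deployment the spec already discourages. It also drops the only normative steer away from honouring a client-chosen resource string, which is relevant to anonymity: a resource supplied by the client can be a stable or descriptive value that makes sessions correlatable or reveals client type, which is the kind of information an anonymous login exists to avoid exposing. Suggest either keeping SHOULD for the server-generated resource and adding the reuse case as the rationale (e.g. "the server SHOULD ignore the resource identifier provided by the client (if any) and instead assign one it generates; this is especially important where the same JID is reused for multiple anonymous sessions, since client-chosen resources could collide"), or, if the intent is to relax the requirement only when unique bare JIDs are assigned, stating that precondition explicitly and noting the correlation concern so implementers understand what they give up by honouring a client-supplied resource.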