Merge branch 'xep-0465' into premerge

2022-08-23 21:30:36 +02:00 · 2022-08-23 21:30:36 +02:00 · 580b207c4a
parent 5ab1461707 dfafc106d0
commit 580b207c4a
1 changed files with 8 additions and 0 deletions
--- a/xep-0465.xml
+++ b/xep-0465.xml
@ -29,6 +29,12 @@
    <email>goffi@goffi.org</email>
    <jid>goffi@jabber.fr</jid>
  </author>
+  <revision>
+    <version>0.1.1</version>
+    <date>2022-07-25</date>
+    <initials>Jérôme Poisson (jp)</initials>
+    <remark>Update Security Considerations according to council feedback.</remark>
+  </revision>
  <revision>
    <version>0.1.0</version>
    <date>2022-05-17</date>
@ -193,6 +199,8 @@
 <section1 topic='Security Considerations' anchor='security'>
    <p>Publishing publicly subscriptions of a user has pricacy implications: those public subscriptions may be used by someone to get a user interests or to know they network of contacts.</p>
    <p>It may be used by bad actors for many reasons like advertising, or it may even be life threating in some countries/situation as it may be used to known political opinion, religion, sexual orientation, etc. A client SHOULD make the subscription public only if there is no doubt that this is what the user wants, by using an opt-in system, and SHOULD display a well visible warning about the consequences of making a subscription public.</p>
+    <p>By having subscription public, an entity JID can be checked or harvested by doing a request on the public subscriptions node. A client SHOULD display a warning clearly indicating that making subscriptions public makes its JID discoverable.</p>
+    <p>For the same reason, a server SHOULD respond identically to a pubsub request to public subscriptions node if the user doesn't exist or if they exist but they don't have any public subscriptions.</p>
 </section1>

 <section1 topic='IANA Considerations' anchor='iana'>