mirror of
https://github.com/moparisthebest/xeps
synced 2024-12-21 23:28:51 -05:00
XEP-0384: server side requirments
This commit is contained in:
parent
20e29ee94b
commit
779af896e2
@ -596,6 +596,15 @@
|
||||
<p>When a client receives the message from a device id that is not on the device list, it SHOULD try to retrieve that user's devices node directly to ensure their local cached version of the devices list is up-to-date.</p>
|
||||
</section1>
|
||||
<section1 topic='Implementation Notes' anchor='impl'>
|
||||
<section2 topic='Server side requirements' anchor='server-side'>
|
||||
<p>While OMEMO uses a Pubsub Service (&xep0060;) on the user’s account it has more requirments than those defined in &xep0163;. The requirements are:</p>
|
||||
<ul>
|
||||
<li>The pubsub service MUST persist node items.</li>
|
||||
<li>The pubsub service MUST support publishing options as defined <link url='https://xmpp.org/extensions/xep-0060.html#publisher-publish-options'><cite>XEP-0060</cite> §7.1.5</link></li>
|
||||
<li>The pubsub service MUST support 'max' as a value for the 'pubsub#persist_items' node configuration</li>
|
||||
<li>The pubsub service SHOULD support the 'open' access model for node configuration and 'pubsub#access_model' as a publish option.</li>
|
||||
</ul>
|
||||
</section2>
|
||||
</section1>
|
||||
<section1 topic='Security Considerations' anchor='security'>
|
||||
<p>Clients MUST NOT use a newly built session to transmit data without user intervention. If a client were to opportunistically start using sessions for sending without asking the user whether to trust a device first, an attacker could publish a fake device for this user, which would then receive copies of all messages sent by/to this user. A client MAY use such "not (yet) trusted" sessions for decryption of received messages, but in that case it SHOULD indicate the untrusted nature of such messages to the user.</p>
|
||||
|
Loading…
Reference in New Issue
Block a user