Improve security considerations.
- To prevent burner JIDs from being abused for spamming, implementations - SHOULD rate limit all burner JIDs in use by an authentication identity as a - single unit. + To prevent burner JIDs from being abused for spamming, implementations MAY + rate limit all burner JIDs in use by an authn identity as a single unit. + However, be advised that this may provide a third party that can monitor + traffic patterns with the ability to determine what burner JIDs belong to + the same user. + To prevent a burner JIDs authn identity from being discovered the same way, + burner JIDs SHOULD NOT share a rate limit with their authn identity.
- If TLS channel binding information is encoded in the burner JID it is - RECOMMENDED that the tls-unique channel binding value be used as defined by - &rfc5929; §3. - However, for resumed sessions the JIDs SHOULD be considered invalid unless - the master-secret fix from &rfc7627; has been implemented because otherwise - resumption does not include enough context to successfully verify the - binding. + If TLS channel binding information is encoded in the local part of the + burner JID it is RECOMMENDED that the tls-unique channel binding value be + used as defined by &rfc5929; §3. + Note that unless the master-secret fix from &rfc7627; has been implemented + channel binding information does not include enough context to successfully + verify the binding when resuming a TLS session.
Implementations that choose to encode information in the localpart of burner