moparisthebest
/
xeps
mirror of https://github.com/moparisthebest/xeps
1
0
Fork 0
Code Issues Releases Wiki Activity

PubSub Server Info: Add privacy consideration 

The XEP now mandates to include domain names of remote domains only after those remote domains advertise support for this XEP. This is intended as an opt-in mechanism.
This commit is contained in:
Guus der Kinderen 2023-12-20 16:10:22 +01:00
parent d1606cda1e
commit 7e82fc1fd0
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
inbox/pubsub-server-info.xml
View File

@ -73,7 +73,8 @@
<serverinfo xmlns='urn:xmpp:serverinfo:0'>
<domain name='shakespeare.lit'/>
</serverinfo>]]></example>
<p>The optional 'federation' child element is used to denote remote XMPP domains with which the local domain is federating. Each of them are represented by an element named 'remote-domain'. The domain name of the peer in an attribute named 'name'. Optionally, each actual (e.g. TCP) connection from the local server to the peer is added as a 'connection' child-element to the 'remote-domain' element, that has an optional 'type' attribute, defining the directionality of the connection (one of 'incoming', 'outgoing' and 'bidi').</p>
<p>The optional 'federation' child element is used to denote remote XMPP domains with which the local domain is federating. Each of them are represented by an element named 'remote-domain'. The domain name of the peer in an optional attribute named 'name'. Optionally, each actual (e.g. TCP) connection from the local server to the peer is added as a 'connection' child-element to the 'remote-domain' element, that has an optional 'type' attribute, defining the directionality of the connection (one of 'incoming', 'outgoing' and 'bidi').</p>
<p>The name of a remote domain MUST only be included if the remote server advertises supporting for this XEP. This acts as an opt-in mechanism, to address the privacy concern defined in the <link url="#privacy">Privacy Considerations section</link> of this document.</p>
<example caption="Data Format with Federated Domains"><![CDATA[
<serverinfo xmlns="urn:xmpp:serverinfo:0">
<domain name="shakespeare.lit">
@ -88,7 +89,7 @@
</federation>
</domain>
</serverinfo>]]></example>
<p>Additional data MAY be included as child-elements of the 'server-info' element or any of the 'domain' elements. Such data MUST be namespaced appropriately. The example below uses the 'query' element defined in &xep0092; to include information about the software application associated with the local server.</p>
<p>Additional data MAY be included as child-elements of the 'serverinfo' element or any of the 'domain' elements. Such data MUST be namespaced appropriately. The example below uses the 'query' element defined in &xep0092; to include information about the software application associated with the local server.</p>
<example caption="Data Format with Software Version"><![CDATA[
<serverinfo xmlns="urn:xmpp:serverinfo:0">
<domain name="shakespeare.lit">
@ -136,6 +137,9 @@
<section1 topic="Implementation Notes" anchor="impl">
<p>As certain information can be expected to be updated continuously and frequently, the server MAY choose to reduce the frequency of updates of the 'serverinfo' pub-sub node.</p>
</section1>
<section1 topic="Privacy Considerations" anchor="privacy">
<p>When multiple domains publish their connections to named remote domains, an information leak occurs: by collecting these public statistics, behavioral data of those remote domains can be deduced. To prevent undesired privacy-sensitive information leaks, a domain MUST NOT publish the name of a remote domain, unless that domain advertises support for this XEP.</p>
</section1>
<section1 topic="IANA Considerations" anchor="iana">
<p>This document requires no interaction with the &IANA;</p>
</section1>