From 8cc7ce6e46ef54ff6fbe997359e1e1d4681b240e Mon Sep 17 00:00:00 2001
From: Daniel Gultsch <daniel@gultsch.de>
Date: Sun, 8 Mar 2020 12:10:05 +0100
Subject: [PATCH] XEP-0384: explain that access model should be open

---
 xep-0384.xml | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/xep-0384.xml b/xep-0384.xml
index ad80a8d8..7ebb148c 100644
--- a/xep-0384.xml
+++ b/xep-0384.xml
@@ -189,7 +189,10 @@
 </message>]]></example>
   </section2>
   <section2 topic='Announcing support' anchor='usecases-announcing'>
+    <section3 topic='Device list' anchor='devices'>
     <p>In order for other devices to be able to initiate a session with a given device, it first has to announce itself by adding its device ID to the devicelist PEP node. </p>
+    <p>It is RECOMMENDED to set the access model of the ‘urn:xmpp:omemo:1:devices’ node to ‘open’ to give entities without presence subscription read access to the devices and allow them to establish an OMEMO session. Not having presence subscription is a common occurrence on the first few messages between two contacts and can also happen fairly frequently in group chats as not every participant had prior communication with every other participant.</p>
+  <p>The access model can be changed efficiently by using publish-options.</p>
     <example caption='Adding the own device ID to the list'><![CDATA[
 <iq from='juliet@capulet.lit' type='set' id='announce1'>
   <pubsub xmlns='http://jabber.org/protocol/pubsub'>
@@ -202,13 +205,26 @@
         </devices>
       </item>
     </publish>
+    <publish-options>
+      <x xmlns='jabber:x:data' type='submit'>
+        <field var='FORM_TYPE' type='hidden'>
+          <value>http://jabber.org/protocol/pubsub#publish-options</value>
+        </field>
+        <field var='pubsub#access_model'>
+          <value>open</value>
+        </field>
+      </x>
+    </publish-options>
   </pubsub>
 </iq>]]></example>
     <p>NOTE: as per <link url='https://xmpp.org/extensions/xep-0060.html#impl-singleton'><cite>XEP-0060</cite> §12.20</link>, it is RECOMMENDED for the publisher to specify an ItemID of "current" to ensure that the publication of a new item will overwrite the existing item.</p>
     <p>This step presents the risk of introducing a race condition: Two devices might simultaneously try to announce themselves, unaware of the other's existence. The second device would overwrite the first one. To mitigate this, devices MUST check that their own device ID is contained in the list whenever they receive a PEP update from their own account. If they have been removed, they MUST reannounce themselves.</p>
+    </section3>
+    <section3 topic='Bundles' anchor='bundles'>
     <p>Furthermore, a device MUST publish its IdentityKey, a signed PreKey, and a list of PreKeys. This tuple is called a bundle. Bundles are maintained as multiple items in a PEP node called ‘urn:xmpp:omemo:1:bundles’. Each bundle MUST be stored in a seperate item. The item id MUST be set to the device id.</p>
-    <p>A bundle is an element called ‘bundle’ in the ‘urn:xmpp:omomo:1’ namespace. It has a child element called ‘spk’ that contains the signed PreKey as base64 encoded data, a child element called ‘spks’ that contains the signed PreKey signature as base64 encoded data and a child element called ‘ik’ that contains the identity key as base64 encoded data. PreKeys are multiple elements called ‘pk’ that each contain one PreKey as base64 encoded data. PreKeys are wrapped in an element called ‘prekeys’ which is a child of the bundle element.</p>
+    <p>A bundle is an element called 'bundle' in the 'urn:xmpp:omomo:1' namespace. It has a child element called ‘spk’ that contains the signed PreKey as base64 encoded data, a child element called ‘spks’ that contains the signed PreKey signature as base64 encoded data and a child element called ‘ik’ that contains the identity key as base64 encoded data. PreKeys are multiple elements called ‘pk’ that each contain one PreKey as base64 encoded data. PreKeys are wrapped in an element called ‘prekeys’ which is a child of the bundle element.</p>
     <p>The bundle element MAY contain an attribute called label, which is a user defined string describing the device that published that bundle.</p>
+    <p>When publishing bundles a client MUST make sure that the 'urn:xmpp:omemo:1' node is configured to store multiple items. This is not the default with &xep0163;. If the node doesn’t exist yet it can be configured on the fly by using publish-options as described in <link url="https://xmpp.org/extensions/xep-0060.html#publisher-publish-options"><cite>XEP-0060</cite> §7.1.5</link>. The value for 'pubsub#max_items' in publish_options MUST be set to 'max'. If the node did exist and was configured differently the bundle publication will fail. Clients MUST then reconfigure the node as described in <link url="https://xmpp.org/extensions/xep-0060.html#owner-configure"><cite>XEP-0060</cite> §8.2</link>.</p>
     <example caption='Publishing bundle information'><![CDATA[
 <iq from='juliet@capulet.lit' type='set' id='annouce2'>
   <pubsub xmlns='http://jabber.org/protocol/pubsub'>
@@ -228,10 +244,20 @@
         </bundle>
       </item>
     </publish>
+    <publish-options>
+      <x xmlns='jabber:x:data' type='submit'>
+        <field var='FORM_TYPE' type='hidden'>
+          <value>http://jabber.org/protocol/pubsub#publish-options</value>
+        </field>
+        <field var='pubsub#max_items'>
+          <value>max</value>
+        </field>
+      </x>
+    </publish-options>
   </pubsub>
 </iq>]]></example>
-  <p>It is RECOMMENDED to set the access model of the ‘urn:xmpp:omemo:1:bundles’ node to ‘open’ to give entities without presence subscription read access to the bundles and allow them to establish an OMEMO session. Not having presence subscription is a common occurrence on the first few messages between two contacts and can also happen fairly frequently in group chats as not every participant had prior communication with every other participant.</p>
-  <p>The access model can be changed efficiently by using publish-options as described in <link url="https://xmpp.org/extensions/xep-0060.html#publisher-publish-options"><cite>XEP-0060</cite> §7.1.5</link>.</p>
+  <p>As with the 'urn:xmpp:omemo:1:devices' node it is RECOMMENDED to set the access model of the 'urn:xmpp:omemo:1:bundles' to open. Clients that do not adhere to the recommended access model (and for example want to stick to the default 'presence') are highly encouraged to configure the same access model for 'urn:xmpp:omemo:1:devices' and 'urn:xmpp:omemo:1:bundles', otherwise remote entities might end up in a situation where they are able to retrieve the device list but not the bundle or vice versa.</p>
+  <p>The access model can be changed efficiently by using publish-options.</p>
   <example caption='Publishing bundle information with an open access model'><![CDATA[
 <iq from='juliet@capulet.lit' type='set' id='annouce2'>
   <pubsub xmlns='http://jabber.org/protocol/pubsub'>
@@ -247,6 +273,9 @@
         <field var='FORM_TYPE' type='hidden'>
           <value>http://jabber.org/protocol/pubsub#publish-options</value>
         </field>
+        <field var='pubsub#max_items'>
+          <value>max</value>
+        </field>
         <field var='pubsub#access_model'>
           <value>open</value>
         </field>
@@ -254,6 +283,7 @@
     </publish-options>
   </pubsub>
 </iq>]]></example>
+  </section3>
   </section2>
   <section2 topic='Building a session' anchor='usecases-building'>
     <p>In order to build a session with a device, their bundle information is fetched.</p>