Timezone specifier in XEP-0082 can reveal geographic location.

xep-0082.xml

@@ -11,6 +11,7 @@
   &LEGALNOTICE;
   <number>0082</number>
   <status>Active</status>
+  <interim/>
   <type>Informational</type>
   <sig>Standards</sig>
   <dependencies>
@@ -22,6 +23,12 @@
   <supersededby/>
   <shortname>N/A</shortname>
   &stpeter;
+  <revision>
+    <version>1.1</version>
+    <date>2013-03-07</date>
+    <initials>tm</initials>
+    <remark>Add security notice about possible privacy concerns.</remark>
+  </revision>
   <revision>
     <version>1.0</version>
     <date>2003-05-28</date>
@@ -139,7 +146,7 @@
   <p>The 'date', 'dateTime', and 'time' datatypes defined in XML Schema address several "edge cases" such as dates before the year 0000 and after the year 9999, as well as odd timezones no longer in use; most Jabber applications can safely ignore these edge cases, since it is highly unlikely that a Jabber entity will generate such representations.</p>
 </section1>
 <section1 topic='Security Considerations'>
-  <p>There are no security features or concerns related to this proposal.</p>
+  <p>The timezone specifier of a ISO 8601 encoded time can reveal a geographic location to some degree, if it's set to the local time of a user, and thus concerns users' privcacy. To avoid this issue developers are advised to convert local time to UTC before sending ISO 8601 encoded times into the XMPP network.</p>
 </section1>
 <section1 topic='IANA Considerations'>
   <p>This document requires no interaction with &IANA;.</p>
@@ -147,4 +154,7 @@
 <section1 topic='XMPP Registrar Considerations'>
   <p>This document requires no interaction with the &REGISTRAR;.</p>
 </section1>
+<section1 topic='Acknowledgements' anchor='acks'>
+  <p>Thanks to Matthew Miller for his feedback.</p>
+</section1>
 </xep>