From ced8effb0eb413bd42335c646f77e522eb402d34 Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Thu, 7 Mar 2013 16:33:06 +0100 Subject: [PATCH] Timezone specifier in XEP-0082 can reveal geographic location. --- xep-0082.xml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/xep-0082.xml b/xep-0082.xml index e77afdc6..6cdbef91 100644 --- a/xep-0082.xml +++ b/xep-0082.xml @@ -11,6 +11,7 @@ &LEGALNOTICE; 0082 Active + Informational Standards @@ -22,6 +23,12 @@ N/A &stpeter; + + 1.1 + 2013-03-07 + tm + Add security notice about possible privacy concerns. + 1.0 2003-05-28 @@ -139,7 +146,7 @@

The 'date', 'dateTime', and 'time' datatypes defined in XML Schema address several "edge cases" such as dates before the year 0000 and after the year 9999, as well as odd timezones no longer in use; most Jabber applications can safely ignore these edge cases, since it is highly unlikely that a Jabber entity will generate such representations.

-

There are no security features or concerns related to this proposal.

+

The timezone specifier of a ISO 8601 encoded time can reveal a geographic location to some degree, if it's set to the local time of a user, and thus concerns users' privcacy. To avoid this issue developers are advised to convert local time to UTC before sending ISO 8601 encoded times into the XMPP network.

This document requires no interaction with &IANA;.

@@ -147,4 +154,7 @@

This document requires no interaction with the ®ISTRAR;.

 + +

Thanks to Matthew Miller for his feedback.

+