XEP-0465: version 0.1.1

Update Security Considerations according to council feedback.

xep-0465.xml

@@ -29,6 +29,12 @@
     <email>goffi@goffi.org</email>
     <jid>goffi@jabber.fr</jid>
   </author>
+  <revision>
+    <version>0.1.1</version>
+    <date>2022-07-25</date>
+    <initials>Jérôme Poisson (jp)</initials>
+    <remark>Update Security Considerations according to council feedback.</remark>
+  </revision>
   <revision>
     <version>0.1.0</version>
     <date>2022-05-17</date>
@@ -193,6 +199,8 @@
 <section1 topic='Security Considerations' anchor='security'>
     <p>Publishing publicly subscriptions of a user has pricacy implications: those public subscriptions may be used by someone to get a user interests or to know they network of contacts.</p>
     <p>It may be used by bad actors for many reasons like advertising, or it may even be life threating in some countries/situation as it may be used to known political opinion, religion, sexual orientation, etc. A client SHOULD make the subscription public only if there is no doubt that this is what the user wants, by using an opt-in system, and SHOULD display a well visible warning about the consequences of making a subscription public.</p>
+    <p>By having subscription public, an entity JID can be checked or harvested by doing a request on the public subscriptions node. A client SHOULD display a warning clearly indicating that making subscriptions public makes its JID discoverable.</p>
+    <p>For the same reason, a server SHOULD respond identically to a pubsub request to public subscriptions node if the user doesn't exist or if they exist but they don't have any public subscriptions.</p>
 </section1>
 
 <section1 topic='IANA Considerations' anchor='iana'>