mirror of https://github.com/moparisthebest/xeps synced 2024-11-21 08:45:04 -05:00

XEP-0465: version 0.1.1

Update Security Considerations according to council feedback.
Jérôme Poisson 2022-07-25 18:13:12 +02:00
parent 7c46fc60c0
commit dfafc106d0


@ -29,6 +29,12 @@
<email>goffi@goffi.org</email> <email>goffi@goffi.org</email>
<jid>goffi@jabber.fr</jid> <jid>goffi@jabber.fr</jid>
</author> </author>
<revision>
<version>0.1.1</version>
<date>2022-07-25</date>
<initials>Jérôme Poisson (jp)</initials>
<remark>Update Security Considerations according to council feedback.</remark>
</revision>
<revision> <revision>
<version>0.1.0</version> <version>0.1.0</version>
<date>2022-05-17</date> <date>2022-05-17</date>
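Review bot: in the added 0.1.1 revision block, the `<initials>` element carries a full name plus initials, "Jérôme Poisson (jp)", rather than initials alone. The author is already identified by the `<author>` element that closes just above, so `<initials>jp</initials>` would be enough here and keeps the field matching its name.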
@ -193,6 +199,8 @@
<section1 topic='Security Considerations' anchor='security'> <section1 topic='Security Considerations' anchor='security'>
<p>Publishing publicly subscriptions of a user has pricacy implications: those public subscriptions may be used by someone to get a user interests or to know they network of contacts.</p> <p>Publishing publicly subscriptions of a user has pricacy implications: those public subscriptions may be used by someone to get a user interests or to know they network of contacts.</p>
<p>It may be used by bad actors for many reasons like advertising, or it may even be life threating in some countries/situation as it may be used to known political opinion, religion, sexual orientation, etc. A client SHOULD make the subscription public only if there is no doubt that this is what the user wants, by using an opt-in system, and SHOULD display a well visible warning about the consequences of making a subscription public.</p> <p>It may be used by bad actors for many reasons like advertising, or it may even be life threating in some countries/situation as it may be used to known political opinion, religion, sexual orientation, etc. A client SHOULD make the subscription public only if there is no doubt that this is what the user wants, by using an opt-in system, and SHOULD display a well visible warning about the consequences of making a subscription public.</p>
<p>By having subscription public, an entity JID can be checked or harvested by doing a request on the public subscriptions node. A client SHOULD display a warning clearly indicating that making subscriptions public makes its JID discoverable.</p>
<p>For the same reason, a server SHOULD respond identically to a pubsub request to public subscriptions node if the user doesn't exist or if they exist but they don't have any public subscriptions.</p>
</section1> </section1>
<section1 topic='IANA Considerations' anchor='iana'> <section1 topic='IANA Considerations' anchor='iana'>
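Review bot: the last added paragraph requires a server to "respond identically" for a nonexistent user and for a user without public subscriptions, but it does not say which response that is, so implementers have to guess whether it means an empty result or an error, and whether the whole stanza must match. Suggest naming the expected response explicitly, and stating that the two cases must be indistinguishable to the requester, because the stated goal is to stop the node from confirming that a JID exists. Two smaller points in the first added paragraph: "By having subscription public" reads better as "By making subscriptions public", and "makes its JID discoverable" should say "the user's JID", since "its" currently points at the client. The new SHOULD about a warning also overlaps with the SHOULD on a "well visible warning" in the preceding paragraph, so the two could be merged into one requirement that lists both consequences.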