mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-21 08:45:04 -05:00
XEP-0465: version 0.1.1
Update Security Considerations according to council feedback.
This commit is contained in:
parent
7c46fc60c0
commit
dfafc106d0
@ -29,6 +29,12 @@
|
|||||||
<email>goffi@goffi.org</email>
|
<email>goffi@goffi.org</email>
|
||||||
<jid>goffi@jabber.fr</jid>
|
<jid>goffi@jabber.fr</jid>
|
||||||
</author>
|
</author>
|
||||||
|
<revision>
|
||||||
|
<version>0.1.1</version>
|
||||||
|
<date>2022-07-25</date>
|
||||||
|
<initials>Jérôme Poisson (jp)</initials>
|
||||||
|
<remark>Update Security Considerations according to council feedback.</remark>
|
||||||
|
</revision>
|
||||||
<revision>
|
<revision>
|
||||||
<version>0.1.0</version>
|
<version>0.1.0</version>
|
||||||
<date>2022-05-17</date>
|
<date>2022-05-17</date>
|
||||||
@ -193,6 +199,8 @@
|
|||||||
<section1 topic='Security Considerations' anchor='security'>
|
<section1 topic='Security Considerations' anchor='security'>
|
||||||
<p>Publishing publicly subscriptions of a user has pricacy implications: those public subscriptions may be used by someone to get a user interests or to know they network of contacts.</p>
|
<p>Publishing publicly subscriptions of a user has pricacy implications: those public subscriptions may be used by someone to get a user interests or to know they network of contacts.</p>
|
||||||
<p>It may be used by bad actors for many reasons like advertising, or it may even be life threating in some countries/situation as it may be used to known political opinion, religion, sexual orientation, etc. A client SHOULD make the subscription public only if there is no doubt that this is what the user wants, by using an opt-in system, and SHOULD display a well visible warning about the consequences of making a subscription public.</p>
|
<p>It may be used by bad actors for many reasons like advertising, or it may even be life threating in some countries/situation as it may be used to known political opinion, religion, sexual orientation, etc. A client SHOULD make the subscription public only if there is no doubt that this is what the user wants, by using an opt-in system, and SHOULD display a well visible warning about the consequences of making a subscription public.</p>
|
||||||
|
<p>By having subscription public, an entity JID can be checked or harvested by doing a request on the public subscriptions node. A client SHOULD display a warning clearly indicating that making subscriptions public makes its JID discoverable.</p>
|
||||||
|
<p>For the same reason, a server SHOULD respond identically to a pubsub request to public subscriptions node if the user doesn't exist or if they exist but they don't have any public subscriptions.</p>
|
||||||
</section1>
|
</section1>
|
||||||
|
|
||||||
<section1 topic='IANA Considerations' anchor='iana'>
|
<section1 topic='IANA Considerations' anchor='iana'>
|
||||||
|
Loading…
Reference in New Issue
Block a user