moparisthebest
/
xeps
mirror of https://github.com/moparisthebest/xeps
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

XEP-0223: Add a warning about publish-options support

hacx
Jonas Wielicki 5 years ago
parent
48593ca5b8
commit
e18bb0387c
1 changed files with 9 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 11
      xep-0223.xml

11
xep-0223.xml
Unescape View File

@ -25,6 +25,12 @@ @@ -25,6 +25,12 @@
<supersededby/>
<shortname>N/A</shortname>
&stpeter;
<revision>
<version>1.1</version>
<date>2018-03-28</date>
<initials>jwi</initials>
<remark>Make discovery of support mandatory, add security considerations (in reaction to CVE-2018-6591).</remark>
</revision>
<revision>
<version>1.0</version>
<date>2008-09-08</date>
@ -211,7 +217,7 @@ @@ -211,7 +217,7 @@
</section1>
<section1 topic='Determining Support' anchor='support'>
<p>Before an account owner attempts to complete any of the use cases defined herein, its client SHOULD verify that the account owner's server supports both PEP and the "publish-options" feature; to do so, it MUST send a &xep0030; information request to the server (or cache <cite>Entity Capabilities</cite> information received from the server).</p>
<p>Before an account owner attempts to complete any of the use cases defined herein, its client MUST verify that the account owner's server supports both PEP and the "publish-options" feature; to do so, it MUST send a &xep0030; information request to the server (or cache <cite>Entity Capabilities</cite> information received from the server).</p>
<example caption='Account owner queries server regarding protocol support'><![CDATA[
<iq from='juliet@capulet.lit/balcony'
to='capulet.lit'
@ -238,7 +244,8 @@ @@ -238,7 +244,8 @@
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>This document introduces no security considerations above and beyond those specified in <cite>XEP-0060</cite> and <cite>XEP-0163</cite>.</p>
<p>Since private data is to be stored in a mechanism originally intended to <em>publish</em> data, it is REQUIRED for entities to ensure that the restrictive &lt;publish-options/&gt; will actually be honored by the server by performing the feature discovery procedure as specified in <link url='#support'>Determining Support</link>. If an entity using that procedure finds that the server does not support &lt;publish-options/&gt;, it MUST NOT store private data in PubSub, unless it can ensure privacy of the data with other means.</p>
<p>The Security Considerations specified in <cite>XEP-0060</cite> and <cite>XEP-0163</cite> need to be taken into account.</p>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>

Write Preview
Loading…
Cancel
Save