Hello Maxime,

Perhaps the phrasing could be reworked. It relates only to sensitive information, which perhaps should be emphasized. If access to, and lifetime of, what is being published using pubsub can be securely managed, it can of course be used. The problem is that you have to develop data protection measures to make sure that that is the case (for sensitive information). If very sensitive information is being processed, end-to-end encryption might even have to be used (§7.3.1), which is even more problematic in a one-to-many communication pattern. All these issues become easier if direct messaging is used, since it uses a natural point-to-point pattern and, except for offline storage and in-transit processing aspects, does not persist the contents of the message. The XEP does not consider persistence or processing of logged events, just the transport of the events themselves.
Best regards,
Peter Waher

> Hi Standards,
>
> I came across 0337 and I like the idea. Reading the security
> considerations, it is said in [7.3.2]:
>
> """
> [..] even more care should be taken to log only information that can be
> published openly. If there's risk for sensitive information to be
> logged, the publish/subscribe pattern should be avoided.
> """
>
> As PubSub does have access models, I am not sure I understand the risks
> mentioned in this paragraph. Does anybody have any insight on why this
> was written this way?
>
> [7.3.2]: https://xmpp.org/extensions/xep-0337.html#sect-idm140133614364832
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
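The two conditions Peter names above (access to the node is managed, and the lifetime of what is published is bounded) can be checked mechanically against a node's XEP-0060 configuration form before an XEP-0337 logger is pointed at it. The following is an added example, not code from the XEP, the mailing list or either poster. The field names are the standard XEP-0060 node-configuration fields; the two sample forms are constructed; and the acceptance policy is this example's own assumption: only `whitelist` and `authorize` count as managed access, and anything that keeps items after delivery (`persist_items` with more than `max_retained` items) or replays the last item to later subscribers (`send_last_published_item` other than `never`) counts as unbounded lifetime.

```python
"""Policy check: is a pubsub node configured tightly enough to carry
XEP-0337 log events that may contain sensitive information?

Added example; the thresholds below are this example's assumptions,
not requirements stated by XEP-0060 or XEP-0337."""
import xml.etree.ElementTree as ET

NS_DATA = "jabber:x:data"

# Assumption: only models where the owner explicitly admits each reader
# count as managed. 'presence' and 'roster' change with the owner's
# contact list rather than with a deliberate decision per subscriber.
RESTRICTED_ACCESS_MODELS = {"whitelist", "authorize"}

# Constructed sample forms, shaped like the jabber:x:data form a server
# returns for a pubsub#configure request (XEP-0060). Not from a real server.
OPEN_PERSISTENT_FORM = """
<x xmlns='jabber:x:data' type='result'>
  <field var='FORM_TYPE' type='hidden'><value>http://jabber.org/protocol/pubsub#node_config</value></field>
  <field var='pubsub#access_model'><value>open</value></field>
  <field var='pubsub#persist_items'><value>1</value></field>
  <field var='pubsub#max_items'><value>max</value></field>
  <field var='pubsub#send_last_published_item'><value>on_sub_and_presence</value></field>
</x>
"""

WHITELIST_EPHEMERAL_FORM = """
<x xmlns='jabber:x:data' type='result'>
  <field var='FORM_TYPE' type='hidden'><value>http://jabber.org/protocol/pubsub#node_config</value></field>
  <field var='pubsub#access_model'><value>whitelist</value></field>
  <field var='pubsub#persist_items'><value>0</value></field>
  <field var='pubsub#send_last_published_item'><value>never</value></field>
</x>
"""


def parse_node_config(form_xml):
    """Flatten a jabber:x:data form into {var: [values]}."""
    root = ET.fromstring(form_xml.strip())
    fields = {}
    for field in root.iter(f"{{{NS_DATA}}}field"):
        var = field.get("var")
        if var:
            fields[var] = [v.text or "" for v in field.findall(f"{{{NS_DATA}}}value")]
    return fields


def _first(fields, var):
    vals = fields.get(var)
    return vals[0] if vals else None


def _is_true(value):
    return value is not None and value.strip().lower() in ("1", "true")


def unsuitable_reasons(fields, max_retained=0):
    """Return the reasons a node fails the policy; an empty list means it passes.
    A field the server did not report is treated as failing, since the server
    default then applies and XEP-0060 leaves most defaults to the deployment."""
    problems = []

    access = _first(fields, "pubsub#access_model")
    if access not in RESTRICTED_ACCESS_MODELS:
        problems.append(f"access_model={access!r}: readers are not an explicitly managed set")

    persist = _first(fields, "pubsub#persist_items")
    if persist is None or _is_true(persist):
        max_items = _first(fields, "pubsub#max_items")
        if max_items is None or not max_items.isdigit() or int(max_items) > max_retained:
            problems.append(
                f"persist_items={persist!r}, max_items={max_items!r}: events outlive their delivery")

    last = _first(fields, "pubsub#send_last_published_item")
    if last != "never":
        problems.append(
            f"send_last_published_item={last!r}: the last event is replayed to later subscribers")

    return problems


def node_ok_for_sensitive_logs(form_xml, max_retained=0):
    """True when the node config passes every check in unsuitable_reasons()."""
    return not unsuitable_reasons(parse_node_config(form_xml), max_retained)


if __name__ == "__main__":
    for name, form in (("open/persistent", OPEN_PERSISTENT_FORM),
                       ("whitelist/ephemeral", WHITELIST_EPHEMERAL_FORM)):
        reasons = unsuitable_reasons(parse_node_config(form))
        print(name, "OK" if not reasons else "; ".join(reasons))
```

Run against a form fetched with a `pubsub#configure` or `pubsub#owner` request, the check refuses the typical default node (open access, persistent items, last item replayed on subscription) and accepts a whitelist node that neither stores nor replays events. What it cannot see is the in-transit and offline-storage handling Peter mentions, which a server applies to direct messages and pubsub notifications alike.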