The Message Archive Management spec (XEP-0313) seems to assume that a
message archive will live on the server where a user has registered an
account. This raises privacy and security concerns, especially if the
messages are not encrypted: as a user I might not want all that message
history on the server in case it gets hacked, and as a server admin I
might not want the liability of holding all those messages, either. (In
fact, as someone who runs a very large public IM service, I can assure
you that I do not want to have all those messages entrusted to me!)

Ideally, to me, my message archive would be stored on a trusted device
that is under my control (say, a limited-access storage medium that I
keep in my house). This device could authenticate to my account and
advertise its existence to my other resources. Using Carbons (XEP-0280)
it could obtain copies of all the messages I send and receive. When one
of my messaging devices wants to retrieve message history, it would do
so by querying this trusted storage device, not the server (which only
handles messages for purposes of realtime delivery).

I would really like to see the wording in XEP-0313 adjusted to take this
scenario into account. I am happy to propose text.

Peter
--
Peter Saint-Andre
https://andyet.com/
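
The sketch below is an added example, not part of the original message or of any XEP: it shows how an archive device fed by Carbons could decide which copies to store, accepting only carbons whose wrapper comes from the account's own bare JID as XEP-0280 requires. The JIDs, the "vault" resource name, and the helper names are constructed for illustration, and stanzas are passed in as strings rather than through a real XMPP library.

```python
import xml.etree.ElementTree as ET

CARBONS = "urn:xmpp:carbons:2"   # XEP-0280
FORWARD = "urn:xmpp:forward:0"   # XEP-0297
CLIENT = "jabber:client"
OWN_JID = "juliet@example.com/vault"  # constructed; "vault" is the hypothetical archive device

def bare(jid):
    """Strip the resource; lowercasing stands in for full JID normalization."""
    return jid.split("/", 1)[0].lower()

def archive_carbon(stanza_xml, own_jid, archive):
    """Append the message carried by a carbon copy to archive; return True if stored."""
    stanza = ET.fromstring(stanza_xml)
    if stanza.tag != f"{{{CLIENT}}}message":
        return False
    # XEP-0280: carbons must come from the user's own bare JID and are ignored otherwise.
    # Without this check any remote sender could plant forged history in the archive.
    if stanza.get("from", "").lower() != bare(own_jid):
        return False
    for direction in ("received", "sent"):
        path = f"{{{CARBONS}}}{direction}/{{{FORWARD}}}forwarded/{{{CLIENT}}}message"
        inner = stanza.find(path)
        if inner is not None:
            archive.append({"direction": direction,
                            "from": inner.get("from"), "to": inner.get("to"),
                            "body": inner.findtext(f"{{{CLIENT}}}body")})
            return True
    return False

def wrap(wrapper_from, direction, sender, recipient, body):
    """Build a constructed carbon stanza for the demo."""
    return (f"<message xmlns='{CLIENT}' from='{wrapper_from}' to='{OWN_JID}'>"
            f"<{direction} xmlns='{CARBONS}'><forwarded xmlns='{FORWARD}'>"
            f"<message xmlns='{CLIENT}' from='{sender}' to='{recipient}'>"
            f"<body>{body}</body></message></forwarded></{direction}></message>")

SAMPLES = [  # constructed stanzas: two genuine carbons, one with a foreign wrapper
    wrap("juliet@example.com", "received", "romeo@example.net/orchard", "juliet@example.com/balcony", "hello"),
    wrap("juliet@example.com", "sent", "juliet@example.com/balcony", "romeo@example.net", "hi"),
    wrap("mallory@example.net/x", "received", "romeo@example.net/orchard", "juliet@example.com/balcony", "forged"),
]

def demo():
    archive = []
    results = [archive_carbon(s, OWN_JID, archive) for s in SAMPLES]
    return results, archive
```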