> On Apr 17, 2015, at 7:57 PM, Peter Saint-Andre - &yet <pe...@andyet.net> wrote:
>
> The Message Archive Management spec (XEP-0313) seems to assume that a message
> archive will live on the server where a user has registered an account. This
> raises privacy and security concerns, especially if the messages are not
> encrypted: as a user I might not want all that message history on the server
> in case it gets hacked, and as a server admin I might not want the liability
> of holding all those messages, either. (In fact, as someone who runs a very
> large public IM service, I can assure you that I do not want to have all
> those messages entrusted to me!)
>
> Ideally, to me, my message archive would be stored on a trusted device that
> is under my control (say, a limited-access storage medium that I keep in my
> house). This device could authenticate to my account and advertise its
> existence to my other resources. Using Carbons (XEP-0280) it could obtain
> copies of all the messages I send and receive. When one of my messaging
> devices wants to retrieve message history, it would do so by querying this
> trusted storage device, not the server (which only handles messages for
> purposes of realtime delivery).
>
> I would really like to see the wording in XEP-0313 adjusted to take this
> scenario into account. I am happy to propose text.

I think MAM should be mostly accessing server-maintained archives. If the archives are maintained by some other entity, such as a client under the control of a user, some other extension is needed to address the particulars of this scenario. For instance, discovery (the advertisement you noted above) would be completely different. I'd rather not attempt to detail this scenario in XEP 313.

I don’t see any particular need to change XEP 313 text to enable a client to offer MAM services. I think that’s already allowed. For instance, Section 7 says “If a server or other entity hosts archives and supports MAM queriers…”.

— Kurt

>
> Peter
>
> --
> Peter Saint-Andre
> https://andyet.com/