On 15.07.2015 10:12, Dave Cridland wrote: > Can we add something into the security considerations for this document > which discusses the exposure of the jid in "by", please?
I had the same though, but then discarded adding such a consideration because the only JIDs worth protecting are the ones of clients. And those don't have a need to set the 'by' value. But, adding an explicit statement about (client) JID leaks can't hurt. Noted for the next version bump of XEP-SID. - Florian
signature.asc
Description: OpenPGP digital signature