On Sat, 18 Jan 2025 at 07:35, JC Brand <[email protected]> wrote:

> On 2024/12/24 12:52, Dave Cridland wrote:
>
>> 4. Do you have any security concerns related to this specification?
>>
>> Always! I think in this case the Security Considerations are quite light.
>> In particular, there is no discussion of how a message might be
>> deliberately retracted as a form of abuse - this is perhaps worst in cases
>> where the tombstone support is implemented.
>
> What kind of abuse are you thinking of here, and what exactly do you think
> needs to be written down?
> You mean like someone trying to fill a chat history with useless
> tombstones? This doesn't seem to me like a XEP-0424-specific concern. You
> don't need retractions or tombstones to spam a chat with useless messages.

If an abusive message is retracted, and the service actually excises the message entirely from the archive, replacing it with a tombstone, then there's no record of the abusive message (but it's been seen by its target, and so has done its job).

So, for example, I send a message saying something highly abusive such as "JC Brand prefers XEP-0136 to XEP-0313" to xsf@ and then after you've seen it and understandably been shocked to your very core, and then I retract the message, it'd be sensible if the moderators could examine the archive, find the message, and uphold your complaint - rather than my retraction disposing of the evidence.

Does that make more sense? Am I misreading the intent of tombstones there (and, therefore, could this be made clearer?)

Dave.
