On 2025/01/18 14:38, Dave Cridland wrote:


On Sat, 18 Jan 2025 at 07:35, JC Brand <[email protected]> wrote:

    On 2024/12/24 12:52, Dave Cridland wrote:

        4. Do you have any security concerns related to this
        specification?


    Always! I think in this case the Security Considerations are
    quite light. In particular, there is no discussion of how a
    message might be deliberately retracted as a form of abuse - this
    is perhaps worst in cases where the tombstone support is implemented.

    What kind of abuse are you thinking of here, and what exactly do
    you think needs to be written down?
    You mean like someone trying to fill a chat history with useless
    tombstones? This doesn't seem to me like a XEP-0424-specific
    concern. You don't need retractions or tombstones to spam a chat
    with useless messages.


If an abusive message is retracted, and the service actually excises the message entirely from the archive, replacing it with a tombstone, then there's no record of the abusive message (but it's been seen by its target, and so has done its jobCh

Ok, so rephrase into XEPanese:

If message retraction results in the complete removal of any record of the original message's body, for example to be replaced by a tombstone, then this could be used to hide messages that moderators might want to be notified of.


- JC
_______________________________________________
Standards mailing list -- [email protected]