On Sat, 18 Jan 2025 at 17:18, JC Brand <[email protected]> wrote:
>
> On 2025/01/18 14:38, Dave Cridland wrote:
>
> On Sat, 18 Jan 2025 at 07:35, JC Brand <[email protected]> wrote:
>
>> On 2024/12/24 12:52, Dave Cridland wrote:
>>
>> 4. Do you have any security concerns related to this specification?
>>
>> Always! I think in this case the Security Considerations are quite light.
>> In particular, there is no discussion of how a message might be
>> deliberately retracted as a form of abuse - this is perhaps worst in cases
>> where the tombstone support is implemented.
>>
>> What kind of abuse are you thinking of here, and what exactly do you
>> think needs to be written down?
>> You mean like someone trying to fill a chat history with useless
>> tombstones? This doesn't seem to me like a XEP-0424-specific concern. You
>> don't need retractions or tombstones to spam a chat with useless messages.
>>
>
> If an abusive message is retracted, and the service actually excises the
> message entirely from the archive, replacing it with a tombstone, then
> there's no record of the abusive message (but it's been seen by its target,
> and so has done its job).
>
> Ok, so rephrase into XEPanese:
>
> If message retraction results in the complete removal of any record of the
> original message's body, for example to be replaced by a tombstone, then
> this could be used to hide messages that moderators might want to be
> notified of.
>
This feels like a useful thing to point out, and the text seems good to me, thank you.

Dave.
