21 Oct
2025
21 Oct
'25
1:32 a.m.
It’s also worth adding that it would make sense to have a PEP service for the
server itself (i.e., at `example.org` instead of `user(a)example.org`), which
would simplify several use cases, including the XEP-0485 one. This would avoid
the problem stated in § 7 Privacy Considerations:
The mere presence of an applicable pub-sub node MUST
NOT be used for Service
Discovery purposes, as under common service configuration, non-administrative
users are allowed to create such nodes.
As with a PEP for the server itself, non-administrative users could not create
anything.
This PEP for server itself idea was already proposed by Mathieu Pasquet with
an earlier version of XEP-0455.
Best,
Goffi