7 Jun
2026
7 Jun
'26
9:12 a.m.
Hi,
Le mardi 2 juin 2026, 19:30:10 heure d’été d’Europe centrale techmetx11 via Standards a
écrit :
As it's written in the specs, I think the
challenge protocol can be
abused to leak a user's presence, because any device associated to the
target user *MUST* send a message to the entity who requested the
challenge, as soon as it receives it.
Indeed, that something to change, it should probably be answered only to people with
presence access.
This would violate RFC 6121's guarantees to not leak the user's network
availability to an entity who's not authorized to know about it.
So, I'm wondering if we could instead have the identity verification be
a secondary optional method of verification, and have something like a
signature of the JID (signed by the XID) in the user's PEP node, that
the user themself HAVE to re-sign once every so often, like a month or
week to ensure it remains valid, so that old hosts cannot impersonate
users with stale signatures.
That sounds like a good option.
Best,
Goffi