council feels strongly that this document should get rid of its use of
orgin-id and instead use the message@id for 1:1 chats.¹

I've created a pull request which implements some of the Last Call feedback.

https://github.com/xsf/xeps/pull/1419

* Use a XEP-0425 /me command in the fallback body
* State that a tombstone's <retracted> element's 'id' attribute should match the retraction message's 'id'.
* Specify XEP-0359 as a dependency and require that the stanza 'id' be used instead of the origin-id.
* Update the "Security Considerations" to mention the risk of not being able to uniquely identify which message should be retracted when retracting messages from clients that don't support XEP-0359.

Concerning the <origin-id> debate:
One benefit I can see from using <origin-id>, is that if you're retracting a message from a different client (as larma wrote about), and there is no <origin-id>, then you are at least made aware that there's no guarantee that it will be possible to correctly identify which message should be retracted. A client could then choose not to allow retractions, or otherwise inform the user about the issue.

Without <origin-id>'s, a client could do a disco query to check for support, but the other client might be offline, so this is not foolproof.

I've updated the Security Considerations to mention this issue, which to be fair is an issue regardless of whether <origin-id>'s are used or not.

JC