[Standards] LAST CALL: XEP-0308 (Last Message Correction)

Peter Saint-Andre stpeter at stpeter.im
Wed Aug 15 15:29:33 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/15/12 9:16 AM, Kevin Smith wrote:
> On Wed, Aug 15, 2012 at 4:02 PM, Peter Saint-Andre
> <stpeter at stpeter.im> wrote:
>> In a chatroom I frequent, someone just used last message
>> correction, which my client does not support...
>> 
>> [08:18:52] <user> i though the old IPs work again? [08:18:56]
>> <user> i thought the old IPs work again?
> 
> That user's client gave them a warning before sending the
> correction to the MUC, mind, saying that some users in the MUC
> didn't support message correction and would see it as a duplicate
> message.
> 
>> I perceived it as retyping the entire message to make the
>> correction, which I suppose was reasonable. However, whether the
>> retyped message makes sense depends on how much was changed. This
>> would have been strange...
>> 
>> [08:18:52] <user> i though the old IPs work again? [08:18:56]
>> <user> did I hear correctly that the old IPs work again?
>> 
>> or even...
>> 
>> [08:18:52] <user> i though the old IPs work again? [08:18:56]
>> <user> Peter, you're a loser
>> 
>>> I do suspect that a social solution to this issue will be
>>> found.
>> 
>> Socially speaking, I think most corrections are slight. But 
>> potentially they could be significant and subject to abuse.
> 
> It certainly introduces ways for people to do odd things, but in
> terms of abuse I'm not convinced. That is - 308 is already clear (I
> think, and I can make it clearer) that clients will need to let the
> user know that the message has been modified,

Actually it says:

"A client SHOULD alert the user that the displayed message has been
edited since it was originally sent."

Isn't that a UI thing that doesn't deserve or require a SHOULD? ;-)

And does the alert/warning apply to the sending user, the receiving
users, or both?

> so there isn't much of a window for tricking people here (and I
> think a good UI is to expose the original message as well, although
> simply saying that the message has been edited is probably
> sufficient).
> 
> If there are real attacks here, rather than just a feeling that
> it's a bit odd and unexpected, we should enumerate them and address
> them.

So far it seems odd and unexpected, and open to pranks more than
serious attacks.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlArwF0ACgkQNL8k5A2w/vxpeQCgwAbTkZcYa7MyBAqnOVX23f1b
+YoAoOwoHfrhLr6L8tnVje+aDA3xu3ze
=5HeO
-----END PGP SIGNATURE-----



More information about the Standards mailing list