[Standards] off-server archives with MAM

Peter Saint-Andre - &yet peter at andyet.net
Sat Apr 18 02:57:44 UTC 2015

The Message Archive Management spec (XEP-0313) seems to assume that a 
message archive will live on the server where a user has registered an 
account. This raises privacy and security concerns, especially if the 
messages are not encrypted: as a user I might not want all that message 
history on the server in case it gets hacked, and as a server admin I 
might not want the liability of holding all those messages, either. (In 
fact, as someone who runs a very large public IM service, I can assure 
you that I do not want to have all those messages entrusted to me!)

Ideally, to me, my message archive would be stored on a trusted device 
that is under my control (say, a limited-access storage medium that I 
keep in my house). This device could authenticate to my account and 
advertise its existence to my other resources. Using Carbons (XEP-0280) 
it could obtain copies of all the messages I send and receive. When one 
of my messaging devices wants to retrieve message history, it would do 
so by querying this trusted storage device, not the server (which only 
handles messages for purposes of realtime delivery).

I would really like to see the wording in XEP-0313 adjusted to take this 
scenario into account. I am happy to propose text.


Peter Saint-Andre

More information about the Standards mailing list