[Standards] off-server archives with MAM

Kurt Zeilenga kurt.zeilenga at isode.com
Sat Apr 18 03:24:20 UTC 2015

> On Apr 17, 2015, at 7:57 PM, Peter Saint-Andre - &yet <peter at andyet.net> wrote:
> The Message Archive Management spec (XEP-0313) seems to assume that a message archive will live on the server where a user has registered an account. This raises privacy and security concerns, especially if the messages are not encrypted: as a user I might not want all that message history on the server in case it gets hacked, and as a server admin I might not want the liability of holding all those messages, either. (In fact, as someone who runs a very large public IM service, I can assure you that I do not want to have all those messages entrusted to me!)
> Ideally, to me, my message archive would be stored on a trusted device that is under my control (say, a limited-access storage medium that I keep in my house). This device could authenticate to my account and advertise its existence to my other resources. Using Carbons (XEP-0280) it could obtain copies of all the messages I send and receive. When one of my messaging devices wants to retrieve message history, it would do so by querying this trusted storage device, not the server (which only handles messages for purposes of realtime delivery).
> I would really like to see the wording in XEP-0313 adjusted to take this scenario into account. I am happy to propose text.

I think MAM should be mostly accessing server maintained archives.   If the archives are maintained by some other entity, such as a client under the control of a user, some other extension is needed to address the particulars of this scenario. For instance, discovery (the advertisement you noted above) would be completely different.  I rather not attempt to detail this scenario in XEP 313.  I don’t see any particular need to change XEP 313 text to enable a client to offer MAM services.  I think that’s already allowed.  For instance, Section 7 says “If a server or other entity hosts archives and supports MAM queriers…”.

— Kurt

> Peter
> -- 
> Peter Saint-Andre
> https://andyet.com/

More information about the Standards mailing list