[Standards] Deprecating Privacy Lists

Ralph Meijer ralphm at ik.nu
Thu Oct 8 10:21:41 UTC 2015


On 2015-10-06 19:24, Evgeny Khramtsov wrote:
> Tue, 6 Oct 2015 11:35:58 -0500
> Sam Whited <sam at samwhited.com> wrote:
> 
>> and I doubt that
>> anyone's going to try and come up with a new thing *unless* the old
>> one is deprecated
> 
> The thing is nobody will come up even in the case the XEP is deprecated.
> There were several attempts to write SPIM related XEPs. None of them
> was widely adopted. So we may end up with servers with privacy
> lists disabled and their users unprotected from some sort of attacks.


A little background. After going draft, privacy lists as defined in
JEP-0016 were moved to the first XMPP IM specification (RFC 3921) and
thus deprecated as a JEP. Then, mostly because of the same reasons
(complexity and performance impact), it was dropped for the bis version
(eventually RFC 6121) and reinstated into JEP-0016 in 2006 [*1].

Initially, JEP-0191 (Blocking Command) was introduced as an alternative
that would go into the bis version of the RFC. However, it was decided
that the new RFC would just refer to both JEPs as ways to implement
blocking, as required by RFC 2779 (Instant Messaging / Presence Protocol
Requirements).

So basically, implementors have wanted to get rid of this stuff for
quite a while now. If nobody comes up with a new specification for
functionality beyond XEP-0191, then my conclusion would be that there is
not sufficient interest. As I said before, the XSF does not generate
specifications that everybody then must implement. It works the other
way around: if there is enough interest in some feature, people will
work on a specification that can then be discussed and accepted by the
Council as a XEP.

Hopefully, such a specification is the result of ongoing experiments
around that feature. If interest dies down and/or fails to get proper
adoption, as happened with your SPIM XEP, it expires. While we can
attempt to steer implementors in a particular direction with Compliance
Suites [*2], even those are not a guarantee that things will get
widespread adoption.

I believe that dropping XEP-0016 is the way forward, and if there are
indeed pressing features that require an alternative, I hope people will
come and start a new, simpler, specification for just that feature and
work together with several implementors to get adoption.

Also note that Deprecated is not the same thing as Obsolete. Deprecation
just says we don't encourage new implementations. Obsolete says that a
protocol should no longer be implemented or deployed. We currently have
3 other Deprecated XEPs and 27 Obsolete ones.

[*1] This was around the same time of changing the naming of JEPs to
     XEPs along with the change of the JSF (Jabber Software Foundation)
     to the XSF.
[*2] Thanks, Sam, for picking that up again.

-- 
ralphm

