[Standards] Proposed XMPP Extension: User Rating

Dave Cridland dave at cridland.net
Mon May 23 09:04:23 UTC 2016


On 22 May 2016 at 00:50, Sam Whited <sam at samwhited.com> wrote:

> On Sat, May 21, 2016 at 6:44 PM, XMPP Extensions Editor <editor at xmpp.org>
> wrote:
> > The XMPP Extensions Editor has received a proposal for a new XEP.
> >
> > Title: User Rating
> >
> > Abstract: This specification provides for the rating element.
> >
> > URL: http://xmpp.org/extensions/inbox/userrating.html
>
> This was an early draft that was discussed at the XMPP Summit 20. We
> went ahead and put it in the inbox so that discussion on the approach
> could begin.
>
>
Thanks for this.

I would suggest:

* The facility probably shouldn't be based on the user's account. This is
not information conceptually held by and for the user, so it doesn't match
semantically, and besides which, XEP-0355 would have some interesting
interaction here.

* In 4.1, a simple mechanism is provided to issue spam reports which will
increase the score of the target user and ultimately remove them from the
server. While §7 offers some mitigation from the obvious attack, it assumes
that such an attack would only occur from a single jid. Luckily no spam
attacks whatsoever have used multiple source jids in a coordinated way...
Perhaps including the offending spammy stanza, as a <forwarded/> copy, and
verifying this was sent by checking the target user's archives? It should
be reasonably simple to use a Bloom or similar to reject multiple reports
of the same stanza efficiently, and an administrator could at least detect
the possibility of a coordinated attack against an innocent user.




> —Sam
>
>
> --
> Sam Whited
> pub 4096R/54083AE104EA7AD3
> https://blog.samwhited.com
> _______________________________________________
> Standards mailing list
> Info: http://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20160523/a154737d/attachment.html>


More information about the Standards mailing list