[Standards] XEP-0308: Last Message Correction and Carbons

Kevin Smith kevin.smith at isode.com
Mon Sep 26 22:33:23 UTC 2016


> On 16 Sep 2016, at 12:39, Tobias M <tmarkmann at googlemail.com> wrote:
> 
> Hi,
> 
> Under 4. Business Rules XEP-0308 mentions:
> 
>> A correction MUST only be allowed when both the original message and correction are received from the same full-JID.
> 
> However, it has little discussion on why there is this restriction. While it certainly is a MUST for security reasons in MUC situations where different full JIDs are different accounts (i.e. associated to different bare JIDs), it is less so for security reasons in the non-MUC case.

I think one can construct other situations like MUC, where multiple people control different resources of the same bare JID, but maybe that’s pathological (although I’m not sure).

> I’ve shortly discussed it with other community members in the XSF chatroom [1], but thought I’d bring it up here for discussion with a wider audience, while providing a short summary of the room discussions below:
> 
> When would a client send an correction for a message from another account resource? Two cases come to mind:
> a) Carbons, editing a message from another client when you switch clients mid-discussion.

Certainly in this case we’d want to be able to correct them.

> b) Reconnection, where a client has the server assign it a resource.

Which is more or less the same instance as (a), I think.

> What do you think? Do you have further comments on this issue?

I think there’s also a concern that different resources may use the same IDs. Perhaps we should be moving away from using stanza IDs for this, and move towards something like 359 (although 359 has the client-id, stanza-id oddity which we should probably fix at some point and just use multiple stanza-id stamps with the relevant ‘by’ instead).

/K


More information about the Standards mailing list