[Standards] [XEP-0030] we can't get basic information on a bare JID without presence subscription

Daniel Gultsch daniel at gultsch.de
Wed Jan 19 10:17:54 UTC 2022


Hi,

I understand the need to request disco#info from a PEP service.

However I don’t feel good about removing security sections.

I think it is important to differentiate between the account (which is
what XEP-0030 is talking about) and the PubSub service running on that
account. I think semantically (not sure how and if this would work
internally in a server) it would be possible for the PubSub service on
the account to respond to query#info (maybe under the condition that
there are open nodes) but the account itself still upholding the
security sections.

Or in other words. Without presence subscription you get only the
<identity category='pubsub' type='pep'/> (and related features) and
with presence subscription you also get <identity category='account'
type='registered'/> and features related to the account.

This way a server that doesn’t have PEP can still adhere to the
'stricter' rules. (Just because IM uses more and more PEP with open
nodes doesn’t mean every XMPP user is IM)


With my council hat on I'll probably vote against this PR today. But
I'd be open to a change to the PEP XEP that partially overwrites the
security considerations in XEP30 with words like "if open nodes exists
the PEP service MAY respond to disco#info requests even if there is no
presence subscription)


cheers
Daniel




On Fri, Jan 7, 2022 at 12:30 PM Goffi <goffi at goffi.org> wrote:

> in the context of my work on ActivityPub <=> XMPP gateway, I need to know if a PEP service handles RSM.
>
>
> Normally this is done by doing a disco#info request and looking for ""http://jabber.org/protocol/pubsub#rsm".
>
> The problem is that I need to have presence subscription to do that on a bare JID (due to "https://xmpp.org/extensions/xep-0030.html#security"), even if the node I want to request (in the presence case, it's XEP-0277's microblog node) is open and thus publicly accessible.
>
>
> It make little sense to need a presence subscription to get basic information on a pubsub node that I want to request, and it's not an option to presence subscribe each time my gateway wants to access a node.
>
>
> I think that this security measure was made to prevent JID haversting at a time when PEP was thought as a mean to broadcast private data only, but nowaday it's also used as a handy way to find very public data (like public microblog, public encryption keys, etc).
>
> If one wants to check if a JID exists, requesting well-known public node is enough, thus I think this security consideration is outdated and should be removed.
>
>
> For my present use case, I can work around it by trying RSM resquest and checking result, but this is ugly and needlessly complicating the code. Furthermore, I suspect that this issue is more general and will hit again .
>
>
> Thus I would like to see if we can get rid of this security restriction in XEP-0030. I know that this XEP is final, but as dwd pointed on xsf@ MUC where we've discussed the problem, this would be a backward compatible change.
>
>
> I've made a pull request to update XEP-0030 at https://github.com/xsf/xeps/pull/1145 . My proposal is to remove entirely those considerations (but to keep ones regarding available resources).
>
>
> An other option could be to keep the consideration, but allow disco#info when a node is specified, thus one could disco#info with node "urn:xmpp:microblog:0" even without pubsub subscription, that would keep the "service-unavailble" when no node is specified (but I think this measure will become totally useless as open nodes will become more common).


More information about the Standards mailing list