-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 8/15/12 9:16 AM, Kevin Smith wrote: > On Wed, Aug 15, 2012 at 4:02 PM, Peter Saint-Andre > <[email protected]> wrote: >> In a chatroom I frequent, someone just used last message >> correction, which my client does not support... >> >> [08:18:52] <user> i though the old IPs work again? [08:18:56] >> <user> i thought the old IPs work again? > > That user's client gave them a warning before sending the > correction to the MUC, mind, saying that some users in the MUC > didn't support message correction and would see it as a duplicate > message. > >> I perceived it as retyping the entire message to make the >> correction, which I suppose was reasonable. However, whether the >> retyped message makes sense depends on how much was changed. This >> would have been strange... >> >> [08:18:52] <user> i though the old IPs work again? [08:18:56] >> <user> did I hear correctly that the old IPs work again? >> >> or even... >> >> [08:18:52] <user> i though the old IPs work again? [08:18:56] >> <user> Peter, you're a loser >> >>> I do suspect that a social solution to this issue will be >>> found. >> >> Socially speaking, I think most corrections are slight. But >> potentially they could be significant and subject to abuse. > > It certainly introduces ways for people to do odd things, but in > terms of abuse I'm not convinced. That is - 308 is already clear (I > think, and I can make it clearer) that clients will need to let the > user know that the message has been modified,
Actually it says: "A client SHOULD alert the user that the displayed message has been edited since it was originally sent." Isn't that a UI thing that doesn't deserve or require a SHOULD? ;-) And does the alert/warning apply to the sending user, the receiving users, or both? > so there isn't much of a window for tricking people here (and I > think a good UI is to expose the original message as well, although > simply saying that the message has been edited is probably > sufficient). > > If there are real attacks here, rather than just a feeling that > it's a bit odd and unexpected, we should enumerate them and address > them. So far it seems odd and unexpected, and open to pranks more than serious attacks. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlArwF0ACgkQNL8k5A2w/vxpeQCgwAbTkZcYa7MyBAqnOVX23f1b +YoAoOwoHfrhLr6L8tnVje+aDA3xu3ze =5HeO -----END PGP SIGNATURE-----
