I think it odd that this spec says
This specification introduces no known security considerations.
When it’s providing hints, at least in certain use cases, to an attacker as to
what the sender considers to be more sensitive. That is, it seems to be a
“look at this stanza” flag to attackers.
Also, 334 says the requirements include "allow a sender to hint to the
recipient” but it seems to be asking entities providing archive services stanza
(or copying) to act on the hint.
I also note that when MAM is implemented on top of an auditing-style database,
one meeting the requirement to record all traffic, then the <no-store/> &
<no-permenant-store/> hints, to the implementor, should be regarded as hints as
to what stanzas to return to the entity making the MAM request.
— Kurt
> On Dec 22, 2014, at 1:35 AM, Adrien <[email protected]> wrote:
>
> Hi,
>
> similar to my previous message about XEP-0313. I noticed some confusion in
> XEP-0334 [1]:
>
> In section 3, the hint is <no-store/> but section 4 says <no-storage/> and
> <no-permanent-storage/>.
>
> If the MAM implementation in Prosody is right, <no-storage/> and
> <no-permanent-storage/> are the good ones [2].
>
> Regards,
> Adrien
>
> [1] http://xmpp.org/extensions/xep-0334.html
> [2]
> https://code.google.com/p/prosody-modules/source/browse/mod_mam/mod_mam.lua
> lines 208 and 209
