On 22 May 2016 at 00:50, Sam Whited <[email protected]> wrote: > On Sat, May 21, 2016 at 6:44 PM, XMPP Extensions Editor <[email protected]> > wrote: > > The XMPP Extensions Editor has received a proposal for a new XEP. > > > > Title: User Rating > > > > Abstract: This specification provides for the rating element. > > > > URL: http://xmpp.org/extensions/inbox/userrating.html > > This was an early draft that was discussed at the XMPP Summit 20. We > went ahead and put it in the inbox so that discussion on the approach > could begin. > > Thanks for this.
I would suggest: * The facility probably shouldn't be based on the user's account. This is not information conceptually held by and for the user, so it doesn't match semantically, and besides which, XEP-0355 would have some interesting interaction here. * In 4.1, a simple mechanism is provided to issue spam reports which will increase the score of the target user and ultimately remove them from the server. While §7 offers some mitigation from the obvious attack, it assumes that such an attack would only occur from a single jid. Luckily no spam attacks whatsoever have used multiple source jids in a coordinated way... Perhaps including the offending spammy stanza, as a <forwarded/> copy, and verifying this was sent by checking the target user's archives? It should be reasonably simple to use a Bloom or similar to reject multiple reports of the same stanza efficiently, and an administrator could at least detect the possibility of a coordinated attack against an innocent user. > —Sam > > > -- > Sam Whited > pub 4096R/54083AE104EA7AD3 > https://blog.samwhited.com > _______________________________________________ > Standards mailing list > Info: http://mail.jabber.org/mailman/listinfo/standards > Unsubscribe: [email protected] > _______________________________________________ >
_______________________________________________ Standards mailing list Info: http://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
