On 1 November 2016 at 18:13, Chris Ballinger <[email protected]> wrote: > People already have a casual understanding that you can't completely enforce > message deletion.
Actually, I'm really not sure that's as true as you assert. People currently think that it requires an assertive effort on the part of the recipient to defeat an ephemeral message timeout - because it does in a closed ecosystem. That's not the case in an open ecosystem - someone's client could just ignore the request, and might even have a setting to do so. It's this that's at the root of my concern - users have a working knowledge of how this feature works. And we cannot match those expectations. As I've said, I think it's worth having a document that specifies this, and it might be useful in some circumstances, and it'd be extremely useful to collect the Security Considerations we're discussing here to explain why this is difficult and may be misleading. So I'm absolutely in favour of specifying this, but I suspect I'd refuse to implement in any secure client I wrote. Dave. _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
