Obsolete even due to the security implications the Security Considerations fail to mention.
I'll make sure we are going to vote on this in the next council session. 2016-08-27 14:27 GMT+02:00 Emmanuel Gil Peyrot <linkma...@linkmauve.fr>: > Hello, > > I’d like to propose deprecating XEP-0146, on the basis that some of its > features are a security hazard, some overlap with better solutions > available now, and some are just kind of useless. > > XEP-0146 defines five use-cases: > 1. Change status > 2. Forward unread messages residing at the remote client to the local > client > 3. Change run-time options > 4. Accept pending file transfer requests > 5. Leave groupchats > > Of those, 2. is the biggest problem, at least some implementations will > happily send a plain-text version of their logs to any other resource > requesting it. It is also a use-case solved in a much nicer way by > XEP-0313. > > The main reason for 4., poor routing of iq-based file transfers, is > already solved by XEP-0353 (alongside XEP-0280 in some situations). It > might make sense to keep this feature for other reasons, like if you > are on a bandwidth-limited mobile network but want to accept a big file > transfer on your home server so you can have the file once you come > home, I don’t feel strongly about deprecating this part of XEP-0146. > > The rest of the use-cases can possibly be security issues as well > (especially 3. depending on what gets exposed), but are mostly not > really useful, especially with the direction XMPP is moving to (like > MIX using PAM to handle groupchat join-ness, or multiple resources > being more hidden in modern UIs). > > So I propose deprecating this XEP, or at least the bad parts of it, or > at least improving the Security Considerations, let’s discuss! > > Thanks, > > -- > Emmanuel Gil Peyrot > _______________________________________________ > Standards mailing list > Info: https://mail.jabber.org/mailman/listinfo/standards > Unsubscribe: standards-unsubscr...@xmpp.org > _______________________________________________ _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________
