On Sonntag, 6. Januar 2019 22:14:59 CET Maxime Buquet wrote: > Hi Standards, > > I had the opportunity to discuss with people interested in <moved/> at > the 35C3. > > The current state of <moved/> is not ideal, it is pretty much ephemeral, > and I Ge0rG has been working on it, and we've been discussing it at the > Düsseldorf sprint[0]. I'll keep this thread focused on my question > though, this is to provide a bit of background. > > One question that came back was how to cope with servers going offline, > or shutting down. When this is the case, a user has no way to prove > their identity. > > What was suggested from a user at CCC (owl, for credit), was to be able > to define "metacontacts". Not in the way of 209[1], where metacontacts > are purely a client-side feature, but as something that a user would be > able to declare for themselves. > > userAB has accountA and accountB, they tell their contacts that both > accounts are their own. In the context of <moved/>, when serverA if > offline, userAB wants to tell their contacts that they are moving their > main account on accountB. > > AccountB now has the authority to do this, as accountA has agreed > beforehand. > > > This should probably get its own XEP and does not need to be linked to > <moved/> specifically. This is also pretty much at the "thoughts" level > at the moment, and there are lots of unanswered questions, like the > obvious security concerns.
What you are proposing is essentially a "Linked" instead of / in addition to
"Moved". It has pretty much the same security implications (and the same
drawbacks w.r.t. broken servers) as "Moved" has. So I’m not sure why you’re
bringing this up in the context of offline/shutdown servers? I.e. which
specific use-case are you trying to address?
If we want to solve the use case of a suddenly broken/gone-for-good server,
the only way I can come up with off the top of my head is to have a keypair
which represents your identity which you somehow tie to your current account.
When you open a new account after your server has vanished, you can use the
same keypair to prove that you’re the same person as before.
This seems awfully complex to me though, especially with multi-device stories.
If we only want to address the use case of a server which vanishes at a
defined point in the future (think AOL shutdown), Moved would do just fine
(provided we solve the basic issues with it).
Aside from all that, I think that a way to announce that I own two different
accounts and that they’re the same identity is a useful thing to have. This
could be extended to a bunch of fancy things, like specifying a "primary"
account where all your contacts would transparently "flock" to, making it
easier to manage multiple account scenarios without having to meta-interact
("can you please add my other JID and use that from now on") with people.
kind regards,
Jonas
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
