> On 29 Jul 2019, at 02:15, Tedd Sterr <teddst...@outlook.com> wrote:
> 2019-07-17 (expiring 2019-07-31)
> Proposed XMPP Extension: Anonymous unique occupant identifiers for MUCs 
> -https://xmpp.org/extensions/inbox/occupant-id.html
> Dave: [pending]
> Georg: +1 (would rather see occupant IDs in the form of JIDs, maybe even 
> passed in a 'jid' attribute in the XEP-0045 item tag)
> Jonas: +1
> Kev: [pending]
> Link: +1

I’m -0 on this at the moment. I’m concerned that there’s an assumption here 
that it’s desirable to be able to (effectively) de-anonymise semi-anonymous 
MUCs (they might be set semi-anonymous deliberately), and there’s a lack of 
security considerations about the cross-muc implications of poor generation, or 
of rainbow attacks with poor hash choices.

> Proposed XMPP Extension: Message Reactions - 
> https://xmpp.org/extensions/inbox/reactions.html
> Dave: [pending]
> Georg: +0 (for now; still undecided)
> Jonas: +1 (details can be ironed out)
> Kev: [pending]
> Link: +1 (issues can be ironed out before Draft)

This is definitely not the Right Way to do this, as we need a general way of 
referencing a previous message for assorted things, of which reactions are only 
one, and to use that everywhere, while the reactions syntax is not reusable. 
This mechanism could be references, or could be attaching, or could be 
something else, but a reactions-only syntax is definitely unhelpful when we 
need to be collating all the different types of meta-data responses and 
exposing them in archives. As-is at the moment, without that half of the puzzle 
solved (such as the collation stuff from the Summit), reactions are limited. 
I’m very concerned that not doing it Right at first when it goes Experimental 
is going to lead to a situation where it gets deployed and is almost impossible 
to fix the holes later due to inertia-once-implemented.

Council had a long and heated discussion about this today, and I think the best 
thing I can do is -1. My suggested remediation is to a) Get general agreement 
that either references or attaching can be our Future Mechanism For All The 
Things (I think we’re pretty much there) b) use Attaching (367) in reactions.

As a recompense for the -1, I’m willing to make the change to the protoXEP 
myself, if desired.

Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org

Reply via email to