Re: [Standards] XEP-0359: Unique and Stable Stanza IDs, PR#1272 Add security consideration and

[Florian Schmaus]

It appears there are two possible design options

A) do not state 'by' when referencing a stanza and provide rules how the
   'by' value can be inferred depending on the usage context
B) explicitly state the 'by' attribute and provide rules that allow to
   determine if the used 'by' attribute when referencing a stanza is
   valid
I think you lean towards A) while I would argue that it is better to be 
explicit in such a sensitive context and go with B).

I agree that origin-id can be used relatively safely in certain 
circumstance. However, past experience has shown that it is easy to 
misuse origin-id. I think, for example, urn:xmpp:fasten:0 used it 
exclusively without any security considerations.

With the current state of affairs, you only need to use origin-id in 1:1 
chats.

<message from=a...@example.org/res to=b...@example.org origin-id=1>
  <body>Foosball tonight?</body>
</message>

<message from=b...@example.org/res to=a...@example.org>
  <react>thumbs-up</react>
  <reference id=1 by=a...@example.org>
</message>

I see that this would be disallowed by the current state of PR 1272. But 
the current wording could be relaxed.

However, people have long been complaining about origin-id and its 
perceived uselessness. Additionally, there has been the idea of the 
client's server acknowledging outgoing messages with some metadata about 
the message. If he had this, then we would no need to use origin-id in 
the case above. Because then we had

<message from=a...@example.org/res to=b...@example.org id=42>
  <body>Foosball tonight?</body>
</message>

<message from=example.org to=a...@example.org/res>
  <stanza-accept id=42>
    </stanza-id id=2323 by=a...@example.org>
    </archived>
  </stanza-accept>
</message>

User b...@exmaple.org when then receive

<message from=a...@example.org/res to=b...@example.org id=42>
  <body>Foosball tonight?</body>
  </stanza-id id=2323 by=a...@example.org>
</message>

and could

<message from=b...@example.org/res to=a...@example.org>
  <react>thumbs-up</react>
  <reference id=2323 by=a...@example.org>
</message>

But we don't have that nice <stanza-accept/> thing. So I am probably 
convinced, due the lack of alternatives, that relaxing the wording 
regarding origin-id's usage is the only viable option at the moment.

I still prefer the design approach B) above, though.

- Flow
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
_______________________________________________