Le mardi 20 janvier 2026, 19:45:35 heure normale d’Europe centrale Thilo Molitor a écrit : > To be honest, I don't understand the "encrypted roster" discussion. > Even if the server does not see the roster at all, it is able to fully infer > which jids are part of a user's "roster" by just checking the PubSub > subscriptions and fetches of that user. > > Isn't an "encrypted roster" implemented this way just a farce? > Or do I miss something important here? > > -tmolitor
The JID is not visible, it's a random ID in the pubsub items, and the fetches are done whenever client want to sync. There is a single node to subscribe, you can't get any information from that, beside a very approximate size of the roster, and the <reserved> element is there to make it muddy. The server can know who you are communicating with by checking "from" and "to" from message (until we have something like sealed sender), or checking PEP requests (for OMEMO for instance), but the goal here is to hide the sensitive metadata (name, and groups, possibly other things). This is a first step toward metadata reduction. The server can vaguely guess the relations of the entity, but it has less information than before. Other steps such as sealed sender will be discussed (notably at the incoming summit). Best, Goffi
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Standards mailing list -- [email protected] To unsubscribe send an email to [email protected]
