XEP-0425: Updates based on list feedback #1271
Conversation
|
I think something is wrong with the examples. I assume (Previously the moderation messages was validated by coming from the bare room jid; but if you want to be compatible with retraction it will need to be validated by the sender (+ occupant id maybe)) <message type="groupchat" id='retraction-id-1' from='[email protected]/oldhag' to="[email protected]/resource">
<retract id="stanza-id-1" xmlns='urn:xmpp:message-retract:1'>
<moderated by='[email protected]/macbeth' xmlns='urn:xmpp:message-moderate:1'>
<reason>This message contains inappropriate content for this forum</reason>
</moderated>
</retract>
</message> |
jcbrand
force-pushed
the
jcbrand/xep-0425-remove-fastening
branch
from
00454d4 to
980141f
Compare
As mentioned in the XSF MUC, I don't think it's appropriate to pretend that a retraction comes from someone it doesn't actually come from and I doubt that maintaining compatibility with clients that only implement XEP-0424 is worth it. |
Doesn't that just make it more complex to implement for no benefit? |
|
@singpolyma: No, I think it's the contrary. I added message fastening in the anticipation that it would become a widely implemented standard. That didn't happen, in fact nobody besides myself made any attempt (that I'm aware of) to actually use fastenings. So it's a dead end and unnecessary cruft. |
Kev
added
the
Needs Council
jcbrand
force-pushed
the
jcbrand/xep-0425-remove-fastening
branch
from
980141f to
7731329
Compare
jcbrand
force-pushed
the
jcbrand/xep-0425-remove-fastening
branch
from
7731329 to
1ff4761
Compare
|
@Kev, @iNPUTmice Is there anything still preventing this from being merged? |
Waiting for Council to get back to me on this. |
|
Minor nit. The groupchat message example has a weird to attribute. It should probably be sent to: [email protected]/home <message type="groupchat" id='retraction-id-1' from='[email protected]' to="[email protected]/home"> |
xep-0425.xml
Outdated
| <moderate id="stanza-id-1" xmlns='urn:xmpp:message-moderate:1'> | ||
| <retract xmlns='urn:xmpp:message-retract:1'/> | ||
| <reason>This message contains inappropriate content for this forum</reason> | ||
| </moderate> | ||
| </iq>]]></example> | ||
|
|
||
| <section2 topic='Success case' anchor='usecase-success'> | ||
|
|
||
| <p>If the moderator is allowed to moderate the message, the groupchat service will send a message stanza to all participants (including the moderator), indicating that the message has been retracted and by whom.</p> |
There was a problem hiding this comment.
Is this the only protection against a non-moderator issuing a retraction? If so it's not enough because the MUC may not understand this protocol and therefore won't be able to perform this filtering.
Regardless, how, when, and where retractions are supposed to be validated should be in the security considerations section.
There was a problem hiding this comment.
To prevent message spoofing, it's very important to check that the moderation message comes from the MUC service
its already in the security considerations, this is enough, don’t you think?
|
Council has voted to move XEP-0425 back to experimental (which gives the author control over those changes) |
xep-0425.xml
Outdated
| </iq>]]></example> | ||
|
|
||
| <section2 topic='Success case' anchor='usecase-success'> | ||
|
|
||
| <p>If the moderator is allowed to moderate the message, the groupchat service will send a message stanza to all participants (including the moderator), indicating that the message has been retracted and by whom.</p> | ||
| <p>This message will use &xep0422; to indicate that it applies to the moderated message, by referring to its XEP-0359 Stanza ID.</p> | ||
| <p>This message will use &xep0424; to indicate that it is a retraction, and will refer to the retracted message by its XEP-0359 Stanza ID. Care must be taken to use the stanza ID that was added by the MUC, i.e. which has a "by" attribute set to the MUC JID, and not some other stanza ID. The client MUST check that the correct stanza ID was used and ignore the stanza if not.</p> | ||
| <p>Inside the <retract/> element is a <moderated/> element indicating that the retraction was a moderator action and containing the optional reason.</p> |
There was a problem hiding this comment.
Please describe the elements that should or must be in the message here when the message is first introduced
- Is the "by" attributed a MUST, or optional?
- Is the "by" attribute set to a real JID in non-anon rooms? Or always the occupant JID?
- Should a server that understands the occupant-id XEP add a
<occupant-id>tag inside the moderated tag?
Some of these things are defined later down in the Tombstone section, which someone may not even read because they have no interest in implementing tombstones, and may interpret only relevant for the tombstone use case.
|
What logic does the Sending IQI think the id attribute should be moved to the I dont care much, but it should be at least consistent, the live message case has the id on the retract element. My Proposal, move id to retract element. Receiving the message liveThe Please lets revert this back to (move the id attribute either to the moderated element or keep it in the retract but it should be consistent with the IQ). This makes it consistent with the tombstone. Receiving a TombstoneExample looks good and consistent, but on the Please add a sentence how to discover a tombstone, its very subtle, a tombstone has a |
|
I just discovered there seems to be no protection against forging tombstones. |
|
@jcbrand So I think this is ok for you to update to change back to Experimental in the same change, and then I can merge. |
Kev
added
Needs Changes
and removed
Needs Council
jcbrand
force-pushed
the
jcbrand/xep-0425-remove-fastening
branch
2 times, most recently
from
6e7fd67 to
d3ae5e2
Compare
- Remove the dependency on XEP-0422 Message Fastening - Rename to 'Moderated Message Retraction' and focus only on the retraction use-case - Clarify the purpose of the `reason` element - Specify that clients must check that the correct stanza ID was used (based on the `by` attribute) - Relax the requirement that a `by` attribute be added to the `<moderated>` element to SHOULD. Mailing list thread is here: https://mail.jabber.org/pipermail/standards/2021-December/038660.html
jcbrand
force-pushed
the
jcbrand/xep-0425-remove-fastening
branch
from
d3ae5e2 to
baecbad
Compare
|
@lovetox Thank you for your comments. Here are my responses.
It's the difference between a request (or command) and a response. Seems to me it's mainly a matter of taste whether one should distinguish like this or not. I prefer it, since it removes ambiguity once you understand the point. If you get
Thanks, but I don't really see the need to change this. The message is being moderated, and the moderation action happens to be a retraction. That was the idea behind putting the
That is on the
Ok, I updated the tombstone so that
Done.
Thanks, fixed.
There already is a sentence above the tombstone example which explains this. To try and reduce confusion, I've added the following sentence:
|
|
@Kev I've moved the status back to |
| <moderated by="[email protected]"> | ||
| <occupant-id xmlns="urn:xmpp:occupant-id:0" id="dd72603deec90a38ba552f7c68cbcc61bca202cd" /> | ||
| <retracted stamp='2019-09-20T23:19:12Z' xmlns='urn:xmpp:message-retract:0'/> | ||
| <retracted stamp='2019-09-20T23:19:12Z' xmlns='urn:xmpp:message-retract:0'> |
There was a problem hiding this comment.
Update to urn:xmpp:message-retract:1?
reasonelementMailing list thread is here:
https://mail.jabber.org/pipermail/standards/2021-December/038660.html
I mention this PR here: https://mail.jabber.org/pipermail/standards/2023-February/039167.html