RFC Errata
RFC 8280, "Research into Human Rights Protocol Considerations", October 2017
Note: This RFC has been updated by RFC 9620
Source of RFC: IRTF
Errata ID: 5307
Status: Rejected
Type: Technical
Publication Format(s): TEXT
Reported By: Florian Schmaus
Date Reported: 2018-03-26
Rejected by: Allison Mankin (IRTF Chair)
Date Rejected: 2018-08-20
Section 5.2.3.4.1. says:
While the protocol does not specify that the resource must be exposed by the client's server to remote users, in practice this has become the default behavior.
Notes:
The sentence is incorrect. The resource is exposed to the remote user in standard 1:1 chats, since servers are required to stamp the 'from' value with the full JID as per RFC 6120 § 8.1.2.1 (stanza-attribute-from-stamp conformance requirement).
Note that the situation is different in groupchats: The resource is not required to be exposed, but when MUC is used, the presence in the channel also reveals the overall presence of the user. This is, however, likely to change with future MUC replacement protocols.
I'd also like to point out that RFC 6120 § 13.10.2. and RFC 6121 § 11. discuss the security considerations and provide guidance in order to prevent those leaks.
--VERIFIER NOTES--
The RFC's editors concluded that accepting the erratum would not add value. IRTF Chair agrees.