RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 8280, "Research into Human Rights Protocol Considerations", October 2017

Source of RFC: IRTF

Errata ID: 5307
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Florian Schmaus
Date Reported: 2018-03-26
Rejected by: Allison Mankin (IRTF Chair)
Date Rejected: 2018-08-20

Section 5.2.3.4.1. says:

While the
protocol does not specify that the resource must be exposed by the
client's server to remote users, in practice this has become the
default behavior.

Notes:

The sentence is incorrect. The resource is exposed to the remote user in standard 1:1 chats, since servers are required to stamp the 'from' value with the full JID as per RFC 6120 § 8.1.2.1 (stanza-attribute-from-stamp conformance requirement).
Note that the situation is different in groupchats: The resource is not required to be exposed, but when MUC is used, the presence in the channel also reveals the overall presence of the user. This is however, likely to change with future MUC replacement protocols.
I'd also like to point out that RFC 6120 § 13.10.2. and RFC 6121 § 11. discuss the security considerations and provide guidance in order to prevent those leaks
--VERIFIER NOTES--
The RFC's editors concluded that accepting the erratum would not add value. IRTF Chair agrees.

Report New Errata



Advanced Search