RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Reported (2)

RFC 8280, "Research into Human Rights Protocol Considerations", October 2017

Source of RFC: IRTF

Errata ID: 5306
Status: Reported
Type: Technical

Reported By: Florian Schmaus
Date Reported: 2018-03-26

Section 5.2.3.4.1. says:

Likewise, user invisibility so that communication can
occur while users don't notify all buddies and other servers of their
availability is not part of the formal protocol and has only been
added as an extension within the XML stream rather than enforced by
the protocol.

Notes:

The sentence is not correct and thus misleading. XMPP imposes no restriction on communication depending on your own presence status. It is perfectly fine to communicate with someone *without* notifying "all buddies and other servers" of your availability.

Errata ID: 5307
Status: Reported
Type: Technical

Reported By: Florian Schmaus
Date Reported: 2018-03-26

Section 5.2.3.4.1. says:

While the
protocol does not specify that the resource must be exposed by the
client's server to remote users, in practice this has become the
default behavior.

Notes:

The sentence is incorrect. The resource is exposed to the remote user in standard 1:1 chats, since servers are required to stamp the 'from' value with the full JID as per RFC 6120 § 8.1.2.1 (stanza-attribute-from-stamp conformance requirement).
Note that the situation is different in groupchats: The resource is not required to be exposed, but when MUC is used, the presence in the channel also reveals the overall presence of the user. This is however, likely to change with future MUC replacement protocols.
I'd also like to point out that RFC 6120 § 13.10.2. and RFC 6121 § 11. discuss the security considerations and provide guidance in order to prevent those leaks

Report New Errata