jdev - 2020-07-14


  1. Martin

    Does any client implement `XEP-0421: Anonymous unique occupant identifiers for MUCs`?

  2. jonas’

    what do you mean by "support"?

  3. jonas’

    it’s a server-side feature, isn’t it?

  4. jonas’

    a client may make beneficial use of this though

  5. Martin

    Make use of it, e.g. for LMC?

  6. Martin

    Right now you don't see it LMCed when you were not joined by that time.

  7. jonas’

    hm, I should add the 10 lines necessary to support it in aioxmpp ;)

  8. jonas’

    then jabbercat can do it

  9. Martin

    :)

  10. jonas’

    ah, though, to do it securely I’d have to disco#info the MUC on join… a thing I still don’t do :/

  11. jonas’

    aaaaalso the thing needs an addendum in the security considerations, neat

  12. Link Mauve

    Or we could you know, move it inside of the <{muc}x/>.

  13. Link Mauve

    Ah hmm, that’d work only for presences, not messages.

  14. Link Mauve

    Nvm.

  15. pep.

    jonas’, which part of security considerations?

  16. jonas’

    pep., the part where it doesn’t say that a client MUST NOT rely on occupant-id unless the feature was discovered on the MUC

  17. pep.

    Ah what you said

  18. pep.

    hmm wait

  19. pep.

    I thought it said something like that

  20. jonas’

    it doesn’t

  21. pep.

    Not in security considerations

  22. pep.

    “The <occupant-id> element MUST be ignored if support for the feature is not announced via Service Discovery (XEP-0030) [4], as malicious clients might forge occupant identifiers if the room does not support them.”

  23. jonas’

    needs mentioning in the SC then

  24. pep.

    Sure, might be good to move it / repeat it there

  25. jonas’

    jupp