Relegate message retraction to xep-0424 instead of using custom one. #1047
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -28,8 +28,11 @@ | |
| <spec>XEP-0292</spec> | ||
| <spec>XEP-0297</spec> | ||
| <spec>XEP-0313</spec> | ||
| <spec>XEP-0359</spec> | ||
| <spec>XEP-0369</spec> | ||
| <spec>XEP-0372</spec> | ||
| <spec>XEP-0424</spec> | ||
| <spec>XEP-0359</spec> | ||
| </dependencies> | ||
| <supersedes/> | ||
| <supersededby/> | ||
|
|
@@ -172,20 +175,38 @@ | |
|
|
||
| <section1 topic="Retracting a Message" anchor="usecase-retract"> | ||
| <p> | ||
| A MIX channel MAY support message retraction, where the sender of a messages or an authorized administrator deletes a message. A MIX channel MAY limit the time frame in which a message is allowed to be retracted, for example to prevent retraction of very old messages. When a messages is retracted the original message MAY be replaced by a tombstone. Message retraction is done by sending a special message that identifies the original message. This mechanism allows the retraction to be distributed on the same path as the original message so that all participating servers and clients MAY honour the retraction. | ||
|
|
||
| The protocol to request retraction is defined in &xep0424;. If a server is aware of message retractions it MUST advertise it's support by advertising 'urn:xmpp:message-retract:0' feature. The retract message MUST be addressed to the mix channel and the <apply-to> element (as defined in &xep0422;) MUST include an 'id' attribute that holds the stable-id (as defined in &xep0359;) of the original message send by the channel itself. A message and its retraction shown in the following example. | ||
| </p> | ||
| <example caption="User Sends a Message to channel"><![CDATA[ | ||
| <message from='[email protected]/UUID-a1j/7533' | ||
| to='[email protected]' | ||
| id='abcde' | ||
| type='groupchat'> | ||
| <body> A Message I did not mean to send </body> | ||
| </message> | ||
| ]]></example> | ||
| <example caption="MIX channel reflects message to Participants with generated stanza-id"><![CDATA[ | ||
| <message from='[email protected]/123456' | ||
| to='[email protected]' | ||
| id='77E07BB0-55CF-4BD4-890E-3F7C0E686BBD' | ||
| type='groupchat'> | ||
| <body> A Message I did not mean to send </body> | ||
| <stanza-id by='[email protected]' id='a568706e-867b-49f1-a31b-e428ba9cece1' xmlns='urn:xmpp:sid:0'/> | ||
| <mix xmlns='urn:xmpp:mix:core:1'> | ||
| <nick>thirdwitch</nick> | ||
| <jid>[email protected]</jid> | ||
| </mix> | ||
| </message> | ||
| ]]></example> | ||
| <example caption="User Retracts a Message"><![CDATA[ | ||
| <message from='[email protected]/UUID-a1j/7533' | ||
| to='[email protected]' | ||
| id='92vax143g'> | ||
| <apply-to id="a568706e-867b-49f1-a31b-e428ba9cece1" xmlns="urn:xmpp:fasten:0"> | ||
| <retract xmlns='urn:xmpp:message-retract:0'/> | ||
| </apply-to> | ||
| </message> | ||
| ]]></example> | ||
| <p> | ||
|
|
@@ -198,19 +219,19 @@ | |
| Two approaches to message retraction can be used. In the first approach, the retracted message is simply removed. This is appropriate where retraction is provided as a user service and the user has rights to remove messages sent from the record. | ||
| </p> | ||
| <p> | ||
| The second approach is to leave a tombstone. It is recommended to use a tombstone, as simply deleting the message may cause confusion with MAM queries. Use of a tombstone is appropriate where it is desired to leave a record of the message that was redacted. The tombstones are also defined in &xep0424;. A service which supports tombstones MUST advertise the 'urn:xmpp:message-retract:0#tombstone' feature in its Service Discovery responses. | ||
|
There was a problem hiding this comment. I still think we need to be explicit which version of 424 is required. There was a problem hiding this comment. Should be fixed by correcting first example. |
||
| </p> | ||
|
|
||
| <example caption="Retracted message tombstone in a MAM result"><![CDATA[ | ||
| <message id='aeb213' to='[email protected]/UUID-e3r/9264'> | ||
| <result xmlns='urn:xmpp:mam:2' queryid='f27' id='28482-98726-73623'> | ||
| <forwarded xmlns='urn:xmpp:forward:0'> | ||
| <delay xmlns='urn:xmpp:delay' stamp='2010-07-10T23:08:25Z'/> | ||
| <message xmlns='jabber:client' from="[email protected]" | ||
| to="[email protected]"> | ||
| <retracted xmlns='urn:xmpp:message-retract:0' stamp='2010-07-10T23:08:25Z'> | ||
|
There was a problem hiding this comment. The id of the MAM result needs to be the id the mix channel originally assigned to the retracted stanza. There was a problem hiding this comment. Should be fixed by correcting first example. |
||
| <origin-id xmlns='urn:xmpp:sid:0' id='a568706e-867b-49f1-a31b-e428ba9cece1'/> | ||
|
There was a problem hiding this comment. This is missing the note of who retracted the message (also a comment from my original round ;)) |
||
| </retracted> | ||
| </forwarded> | ||
| </result> | ||
| </message> | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is using the id as sent by the original client, and it needs to be an id as assigned by the mix channel, I believe (I said this in the first round of comments)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this could be solved if apply-to would not only refer to the id, but also to the 'by' value of the stanza-id element. For example
See also my 2019 mail to @standards: https://mail.jabber.org/pipermail/standards/2019-September/036435.html
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think stamping the origin of the id actually matters very much in this case (it very much does in others), because in this case only one id is going to be usable - the one from the MIX itself, so the stamper can be implicit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe, but I wonder how many implementations will get the implicit value wrong and open a security hole due that. I am usually a fan of avoiding unnecessary bytes on the wire and implicit values. But this smells a little bit like the carbon 'from' security hole that many implementations had.
I think at least, it should be clearly spelled out that the message is fastened to a message containing a stanza-id element where the 'id' matches the 'id' value from apply-to, and the 'by' value is the bare JID of the MIX channel (right?).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm with @Kev here - the example was just bad and used wrong ID. Adding "by" wouldn't change that here.