Difference between revisions of "XEP-Remarks/XEP-0280: Message Carbons"

m
Remove outdated section
m (Remove outdated section)
Tags: Mobile web edit Mobile edit
 
(3 intermediate revisions by 2 users not shown)
Line 9: Line 9:
In the long term, Carbons+MAM might be replaced/updated by some common mechanism that also ensures that a client knows the MAM-ID of sent messages.
In the long term, Carbons+MAM might be replaced/updated by some common mechanism that also ensures that a client knows the MAM-ID of sent messages.


= Server-Side Processing Rules =
= Client-Side Processing =


The current rules are vague and not quite adequate. [https://github.com/xsf/xeps/pull/434 An alternative proposal (#434)] is being worked on.
'''Carbons MUST NOT be accepted from JIDs other than the user's bare account JID''', or else:


= Client-Side Processing =
* [https://op-co.de/tmp/CVE-2017-5589.html CVE-2017-5589+ Multiple XMPP Clients User Impersonation Vulnerability]
* [https://gultsch.de/dino_multiple.html CVE-2019-16235+ Multiple Vulnerabilities found in Dino]
* [https://monal.im/blog/cve-2020-26547/  CVE-2020-26547 Missing verification of origin of Carbons in Monal]
 
Before processing a Carbon, the client must determine whether the message was a MUC-PM or a regular chat message (this might require an IQ round-trip to the sending entity).


Carbons MUST NOT be accepted from JIDs other than the user's bare account JID!
Possible MUC-PM resolution, "partner" is the sender JID of "received" and the recipient JID of "sent" Carbons:


Before processing a Carbon, the client must determine whether the message was a MUC-PM or a regular chat message (this might require an IQ round-trip to the sending entity).
# If the forwarded message contains an <tt><x xmlns='http://jabber.org/protocol/muc'></tt> payload, it's a PM
# If the partner's bare JID is a known MUC (joined, listed in bookmarks), it's a PM
# If the partner's bare JID is in the roster, it's '''probably''' a normal message (shakes fist at Gajim)
# If still undetermined, send a <tt>disco#info</tt> IQ to the partner's bare JID and delay processing of the Carbon (yes, ewwww!)
# If the <tt>disco#info</tt> response contains <tt><feature var='http://jabber.org/protocol/muc'/></tt> then it's a PM, otherwise it's a normal message. Cache the disco result for next time!


For regular messsages, the client should process the Carbon similarly to a normal message (it might modify notification behavior, but this is not guaranteed to work).
For regular messsages, the client should process the Carbon similarly to a normal message (it might modify notification behavior, but this is not guaranteed to work).


= Handling of MUC-PMs =
= Handling of MUC-PMs =
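
Review bot: step 3 of the new MUC-PM resolution list calls a roster hit '''probably''' a normal message but does not say whether resolution stops there or falls through to the <tt>disco#info</tt> query in step 4 ("If still undetermined"); state which one is intended. Step 4 delays processing of the Carbon until the <tt>disco#info</tt> response arrives, but nothing says what the client does on an IQ error or when no response comes back, so a fallback classification and a bound on the delay should be written down. It would also help to state that the bolded MUST NOT check on the user's bare account JID runs before this resolution, so the IQ round-trip is only made for Carbons that already passed it. Minor: "messsages" in the unchanged context line is a typo.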