[Council] XEP-0185 feedback
Ian Paterson
ian.paterson at clientside.co.uk
Thu Feb 1 13:02:52 CST 2007
Peter Saint-Andre wrote:
> I chatted with Philipp Hancke (the spec author) and we think it's
> probably best to simply remove Section 4 of XEP-0185. Objections?
I think it's educational. That's important for this XEP - since there
are no incompatibility issues to keep developers on the straight and
narrow. So anyone can decide to do their own thing (all too common with
crypto code). We can't stop that, but we can at least help them avoid
the obvious mistakes.
I'm also interested in 4.1 (why the Originating Server needs to be
included). :-)
>> Perhaps I've not understood, but I don't find section 4.1 very
>> convincing. Am I supposed to? I guess it doesn't matter, including
>> the Originating Server can't hurt, and with security it's always
>> better to be conservative.
> I think 4.1 could be improved to describe why it might not be good for
> the originating server to reveal that it uses the same secret for two
> virtual domains.
- Ian