[Council] Message threads
Ian Paterson
ian.paterson at clientside.co.uk
Thu Jan 11 07:59:43 CST 2007
Chris Mullins wrote:
> We use big-ugly-GUID's all over the place. These are
> (in essence) big ugly random numbers.
>
> Lots more info at:
> http://en.wikipedia.org/wiki/Globally_Unique_Identifier
>
Thanks. From reading that, it seems experience has shown we have to be
very careful about the code we use to generate GUIDs. Without analysing
the code (or using widely-trusted open-source code) we can never be sure
that no (personally identifiable) information is encoded in them.
In fact IMO it's worth adding a Security Consideration about that to
XEP-0201 (Threads).
Chris, you say you're using them "all over the place". Are we using
GUIDs or random numbers in any more XEPs (other than the e2e XEPs)?
Perhaps we should write a more general "Security best practices" XEP
(after we've got the e2e XEPs to Draft)?
- Ian
More information about the Council
mailing list