[Standards] Jingle "implementability"
Robert Quattlebaum
darco at deepdarc.com
Thu Jan 31 12:29:19 CST 2008
On Jan 31, 2008, at 10:08 AM, Peter Saint-Andre wrote:
> We can specify that a session ID must be a UUID. I think that's a
> good idea.
While I think using UUID's in general is a great idea, just keep in
mind that traditional UUID calculation implementations have security
concerns because they leak the MAC address of the primary network
card. If you are going to explicitly encourage the use of UUID's, I
think you should explicitly recommend against using UUID generation
methods which would leak such information.
__________________
Robert Quattlebaum
Jabber: darco at deepdarc.com
eMail: darco at deepdarc.com
www: http://www.deepdarc.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/standards/attachments/20080131/b2e656e4/attachment.htm
More information about the Standards
mailing list