[Standards] Jingle "implementability"
Peter Saint-Andre
stpeter at stpeter.im
Thu Jan 31 12:52:19 CST 2008
Robert Quattlebaum wrote:
>
> On Jan 31, 2008, at 10:08 AM, Peter Saint-Andre wrote:
>> We can specify that a session ID must be a UUID. I think that's a good
>> idea.
>
> While I think using UUID's in general is a great idea, just keep in mind
> that traditional UUID calculation implementations have security concerns
> because they leak the MAC address of the primary network card. If you
> are going to explicitly encourage the use of UUID's, I think you should
> explicitly recommend against using UUID generation methods which would
> leak such information.
Oh yes we've discussed that issue before. :)
/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/standards/attachments/20080131/b6494a9d/attachment-0001.bin
More information about the Standards
mailing list