Indeed, sorry to be unclear, I'm suggesting that we should discuss this
in the security considerations section (probably detailing exactly what
"The occupant identifier MUST be generated such that it is anonymous"
actually means in terms of security properties). In addition, I think we
should mention the naive use case that people may think is also fine
(just doing a hash of the bare JID) and be explicit that this is not
good instead of just passively assuming this is covered and understood
by the word "anonymous".
—Sam
P.S. re-sending something I accidentally sent off-list, sorry for the
duplicate, Stephen.
On 2024-05-08 10:22, Stephen Paul Weber wrote:
Also, I suspect the naive way to implement this will be to hash the
bare JID. We probably want to mention that this is a bad idea and that
these identifiers should be random (or we should explicitly define the
security properties that are required if they're derived, which
probably includes using a salt and ensuring high entropy).
The XEP suggests "One way to ensure these properties is to generate a
private secret key for every room and use an HMAC algorithm with a
sufficiently secure hash function to generate the occupant identifier
from the real bare JID and that secret key."
--
Sam Whited
sam(a)samwhited.com
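
Added example, not part of the original message or of the XEP: a Python check contrasting the plain hash of the bare JID with the HMAC-under-a-per-room-key derivation quoted above. SHA-256, the 32-byte key length, the function names and the sample JIDs are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


def naive_occupant_id(bare_jid: str) -> str:
    """Unkeyed hash of the bare JID: the derivation the thread warns against."""
    return hashlib.sha256(bare_jid.encode("utf-8")).hexdigest()


def new_room_key() -> bytes:
    """Per-room secret, generated once and never sent to clients (assumed 32 bytes)."""
    return secrets.token_bytes(32)


def hmac_occupant_id(room_key: bytes, bare_jid: str) -> str:
    """HMAC-SHA-256 over the bare JID, keyed with the room's secret."""
    return hmac.new(room_key, bare_jid.encode("utf-8"), hashlib.sha256).hexdigest()


def confirmable(observed_id: str, candidate_jids: list) -> list:
    """Candidates that reproduce observed_id using public information only.

    A non-empty result means the identifier is not anonymous: anyone who
    can list plausible JIDs can confirm who is behind it.
    """
    return [j for j in candidate_jids if naive_occupant_id(j) == observed_id]


# Constructed sample data, not taken from the thread.
ALICE = "alice@example.org"
CANDIDATES = ["bob@example.org", ALICE, "carol@example.org"]


def audit() -> dict:
    room_a, room_b = new_room_key(), new_room_key()
    keyed_a = hmac_occupant_id(room_a, ALICE)
    return {
        "naive_confirmable": confirmable(naive_occupant_id(ALICE), CANDIDATES),
        "hmac_confirmable": confirmable(keyed_a, CANDIDATES),
        "hmac_stable_in_room": keyed_a == hmac_occupant_id(room_a, ALICE),
        "hmac_same_across_rooms": keyed_a == hmac_occupant_id(room_b, ALICE),
    }


if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name}: {value}")
```

The unkeyed hash is also identical in every room, so it links an occupant across rooms; the keyed value stays stable within one room but differs between rooms because each room has its own key.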