[Council] meeting minutes, 2007-10-24
stpeter at stpeter.im
Wed Oct 24 16:08:30 CDT 2007
Peter Saint-Andre wrote:
> 3. XEP-0048: Bookmark Storage
> Approve version 1.1pre4?
> All Council members in attendance voted +1. Ralph to vote on the list.
> Kev asked whether it would be acceptable to allow use of the <password/>
> element in appropriately secure deployments. Council consensus that we
> can change MUST NOT to SHOULD NOT and reinstate the element in the
> schema. Peter to send revised text to the Council list.

How is this as the second paragraph of the Security Considerations?

Use of the <password/> child of the <conference/> element is NOT
RECOMMENDED, since the password could be discovered by a third party,
e.g. an eavesdropper (if channel encryption is not used) or a server
administrator. However, the element MAY be used in suitably secure
environments (e.g., where it is known that communications will not be
sent over unencrypted channels and the server administrators are
trusted). Clients SHOULD NOT default to storing passwords and MUST
enable users to disable any password storage.
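
One way a client could honour the proposed text, as an added example that is not part of the original message or of XEP-0048: a password is written only after explicit opt-in on an encrypted stream, and disabling storage also scrubs passwords already saved. The function names, the `store_passwords` and `channel_encrypted` flags, and the sample room are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "storage:bookmarks"  # XEP-0048 bookmark storage namespace


def build_conference(jid, name, nick=None, password=None, *,
                     store_passwords=False, channel_encrypted=False):
    """Build one <conference/> bookmark (hypothetical client helper).

    store_passwords defaults to False (SHOULD NOT default to storing).
    The password is written only if the user opted in AND the stream is
    encrypted. Trust in the server administrators cannot be checked in
    code; that part remains the user's or deployer's decision.
    """
    conf = ET.Element(f"{{{NS}}}conference", {"jid": jid, "name": name})
    if nick:
        ET.SubElement(conf, f"{{{NS}}}nick").text = nick
    if password and store_passwords and channel_encrypted:
        ET.SubElement(conf, f"{{{NS}}}password").text = password
    return conf


def make_storage(conferences):
    """Wrap bookmarks in the <storage/> element that gets uploaded."""
    storage = ET.Element(f"{{{NS}}}storage")
    storage.extend(conferences)
    return storage


def strip_passwords(storage):
    """Run when the user disables password storage: remove every
    previously saved <password/> and return how many were removed."""
    removed = 0
    for conf in storage.findall(f"{{{NS}}}conference"):
        for pw in conf.findall(f"{{{NS}}}password"):
            conf.remove(pw)
            removed += 1
    return removed


def has_password(elem):
    """True if elem contains a <password/> anywhere below it."""
    return elem.find(f".//{{{NS}}}password") is not None


# Constructed sample bookmark, not taken from the message.
ROOM = dict(jid="room@conference.example.org", name="Council",
            nick="editor", password="constructed-secret")
```
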