[Council] meeting minutes, 2007-10-24

Kevin Smith kevin at kismith.co.uk
Tue Oct 30 04:05:38 CDT 2007


On 24 Oct 2007, at 22:08, Peter Saint-Andre wrote:
> How is this as the second paragraph of the Security Considerations?
>
> ******
>
> Use of the <password/> child of the <conference/> element is NOT
> RECOMMENDED, since the password could be discovered by a third party,
> e.g. an eavesdropper (if channel encryption is not used) or a server
> administrator. However, the element MAY be used in suitably secure
> environments (e.g., where it is known that communications will not be
> sent over unencrypted channels and the server administrators are
> trusted). Clients SHOULD NOT default to storing passwords and MUST
> enable users to disable any password storage.
>
> ******

Works for me.

/K




More information about the Council mailing list