[Council] meeting minutes, 2007-10-24

Peter Saint-Andre stpeter at stpeter.im
Tue Oct 30 10:25:32 CDT 2007


Kevin Smith wrote:
> On 24 Oct 2007, at 22:08, Peter Saint-Andre wrote:
>> How is this as the second paragraph of the Security Considerations?
>>
>> ******
>>
>> Use of the <password/> child of the <conference/> element is NOT
>> RECOMMENDED, since the password could be discovered by a third party,
>> e.g. an eavesdropper (if channel encryption is not used) or a server
>> administrator. However, the element MAY be used in suitably secure
>> environments (e.g., where it is known that communications will not be
>> sent over unencrypted channels and the server administrators are
>> trusted). Clients SHOULD NOT default to storing passwords and MUST
>> enable users to disable any password storage.
>>
>> ******
> 
> Works for me.

OK, thanks. Anyone else?

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/council/attachments/20071030/c206795e/attachment.bin 


More information about the Council mailing list