[Council] meeting minutes, 2007-10-24

Dave Cridland dave at cridland.net
Tue Oct 30 11:15:28 CDT 2007


On Wed Oct 24 21:08:30 2007, Peter Saint-Andre wrote:
> Use of the <password/> child of the <conference/> element is NOT
> RECOMMENDED, since the password could be discovered by a third  
> party,
> e.g. an eavesdropper (if channel encryption is not used) or a server
> administrator. However, the element MAY be used in suitably secure
> environments (e.g., where it is known that communications will not  
> be
> sent over unencrypted channels and the server administrators are
> trusted). Clients SHOULD NOT default to storing passwords and MUST
> enable users to disable any password storage.

Yes, that's fine.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade


More information about the Council mailing list