[Council] Minutes of Council 2009-11-23

Dave Cridland dave at cridland.net
Tue Nov 24 11:03:54 CST 2009


On Tue Nov 24 16:42:17 2009, Peter Saint-Andre wrote:
> And do feel free to weigh in on XEP-0249. :)

Yes, I'll weigh in on this with a -1, I'm afraid.

The security considerations should be referencing XEP-0045, but it  
also needs to draw specific attention to the fact the password is  
included in the clear, and may be intercepted.

This is no more or less secure than existing mediated invitations, of  
course - all parties with the ability to snoop the password still  
have it with direct invitations.

Also, it's probably worth noting that the common alternative to  
password, being member-only rooms with the service automatically  
adding invited user to the member list, won't work as transparently  
here, so inviters should send invitees both mediated and direct  
invitations.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
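
Added example, not part of the original message or of either XEP: a small Python check that finds XEP-0249 direct and XEP-0045 mediated invitations in a message stanza and reports whether each carries the room password in cleartext. The stanzas, JIDs and password value are constructed samples, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

DIRECT_NS = "jabber:x:conference"                    # XEP-0249 direct invitation
MEDIATED_NS = "http://jabber.org/protocol/muc#user"  # XEP-0045 mediated invitation

# Constructed sample stanzas (not captured traffic).
DIRECT = """<message xmlns='jabber:client' from='inviter@example.com/desktop' to='invitee@example.net'>
  <x xmlns='jabber:x:conference' jid='room@muc.example.com'
     password='constructed-secret' reason='join us'/>
</message>"""

MEDIATED = """<message xmlns='jabber:client' from='room@muc.example.com' to='invitee@example.net'>
  <x xmlns='http://jabber.org/protocol/muc#user'>
    <invite from='inviter@example.com/desktop'><reason>join us</reason></invite>
    <password>constructed-secret</password>
  </x>
</message>"""


def invitation_passwords(stanza_xml):
    """Return [(kind, room_jid, password_in_clear)] for invitations in one <message/>.

    Input here is trusted sample data; for stanzas from the network, use a
    parser that rejects DTDs and entity declarations.
    """
    msg = ET.fromstring(stanza_xml)
    found = []
    # Direct: sent inviter -> invitee; room is the 'jid' attribute and the
    # password, if any, is a plain attribute on the same element.
    for x in msg.findall(f"{{{DIRECT_NS}}}x"):
        found.append(("direct", x.get("jid"), bool(x.get("password"))))
    # Mediated: relayed by the room, so the room is the message 'from' and
    # the password, if any, is a <password/> child next to <invite/>.
    for x in msg.findall(f"{{{MEDIATED_NS}}}x"):
        if x.find(f"{{{MEDIATED_NS}}}invite") is None:
            continue  # other muc#user payloads (status codes, etc.)
        pw = x.find(f"{{{MEDIATED_NS}}}password")
        in_clear = pw is not None and bool((pw.text or "").strip())
        found.append(("mediated", msg.get("from"), in_clear))
    return found


if __name__ == "__main__":
    for sample in (DIRECT, MEDIATED):
        for kind, room, in_clear in invitation_passwords(sample):
            print(f"{kind:8} {room} password_in_clear={in_clear}")
```

Both forms expose the same secret to anything that can read the stanza; only the path it travels differs.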

