[Council] Minutes of Council 2009-11-23
dave at cridland.net
Tue Nov 24 11:03:54 CST 2009
On Tue Nov 24 16:42:17 2009, Peter Saint-Andre wrote:
> And do feel free to weigh in on XEP-0249. :)
Yes, I'll weigh in on this with a -1, I'm afraid.
The security considerations should be referencing XEP-0045, but it
also needs to draw specific attention to the fact the password is
included in the clear, and may be intercepted.
This is no more or less secure than existing mediated invitations, of
course - all parties with the ability to snoop the password still
have it with direct invitations.
Also, it's probably worth noting that the common alternative to
password, being member-only rooms with the service automatically
adding invited user to the member list, won't work as transparently
here, so inviters shoudl send invitees both mediated and direct
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
More information about the Council