[Council] [Standards] XMPP Council Minutes for 2017-01-10

Georg Lukas georg at op-co.de
Sat Jan 13 17:48:17 UTC 2018


* Dave Cridland <dave at cridland.net> [2018-01-10 18:30]:
> 4) ProtoXEP: PEP Avatar to vCard conversion.

+1. I like the general idea and I'm pretty sure the security issue I
outlined on standards@ can be sorted out.

> 6) ProtoXEP: TOTP 2FA

+1

I'm not quite sure how the interop between the TOTP Device and the XMPP
client will be performed in practice (client displays QR code to
camera-equipped Device / shares URI with local TOTP app?), and the
explanation in §4 suddenly

Furthermore, there are some places in the XEP with less-than-formal
wording. If those are meant to stay, I recommend promoting this XEP to
type "Humorous".

My main issue however is §3.2, which REQUIREs the exact parameters of
the TOTP generator to be fixed values. I can see how §6.2 TOTP could be
used with a physical Device distributed to the user without ever
performing §5.1 Voluntary Account Enrollment or §6.1 TOTP-INIT. Those
physical Devices might not be configurable, so I suggest changing the
wording to be only mandatory for Devices configured by TOTP URIs
transmitted in the context of this XEP.

> 7) Deprecate XEP-0126: Invisibility

+1


Georg