[Council] [Standards] XMPP Council Minutes for 2017-01-10
georg at op-co.de
Sat Jan 13 17:48:17 UTC 2018
* Dave Cridland <dave at cridland.net> [2018-01-10 18:30]:
> 4) ProtoXEP: PEP Avatar to vCard conversion.
+1. I like the general idea and I'm pretty sure the security issue I
outlined on standards@ can be sorted out.
> 6) ProtoXEP: TOTP 2FA
I'm not quite sure how the interop between the TOTP Device and the XMPP
client will be performed in practice (client displays QR code to
camera-equipped Device / shares URI with local TOTP app?), and the
explanation in §4 suddenly
Furthermore, there are some places in the XEP with less-than-formal
wording. If those are meant to stay, I recommend promoting this XEP to
My main issue however is §3.2, which REQUIREs the exact parameters of
the TOTP generator to be fixed values. I can see how §6.2 TOTP could be
used with a physical Device distributed to the user without ever
performing §5.1 Voluntary Account Enrollment or §6.1 TOTP-INIT. Those
physical Devices might not be configurable, so I suggest changing the
wording to be only mandatory for Devices configured by TOTP URIs
transmitted in the context of this XEP.
> 7) Deprecate XEP-0126: Invisibility
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the Council