[JDEV] Groupchat and "secrets"

jens at mac.com jens at mac.com
Wed Apr 25 19:30:48 CDT 2001


So I'm in the thick of implementing groupchat/conferencing in my client. 
Thanks to temas for pointing me to the latest docs so I didn't keep 
working off of the obsolete stuff in the JPG!

My current head-scratcher is: the person creating a chat room can set a 
"secret" or password that's required to join the room. However, there 
doesn't seem to be any way in the protocol for a client being invited to 
the chat room to be told what the password is. As far as I can tell the 
only way is to go roundabout through the people involved, i.e. the 
inviter adds "the password is froolap" to the invitation message, and 
the receiver then has to read that and type "froolap" into a dialog box 
when accepting the invitation. Kind of awkward. Or did I miss something?

I'm also not entirely happy with the security of a shared password, 
especially for a chat room that might be more-or-less permanent. As soon 
as someone spills the beans (or eavesdrops on someone joining the chat), 
the security of the room is compromised. Have there been any proposals 
for better security? For example, a simple improvement would be one-time 
passwords: the server makes up a different secret for every invitation 
and stuffs it in the invitation. The invitee has to echo the secret.

Speaking of longevity of chat rooms, do they disappear when the last 
person leaves? If not, how do you get rid of one?

As always, thanks ...

--Jens
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1424 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20010425/327ad76d/attachment-0002.bin>


More information about the JDev mailing list