[Foundation] Text Conferencing Ammendment

Joe Hildebrand hildjj at cursive.net
Fri Aug 16 08:48:37 CDT 2002


Or, we can exploit the "bug" in groupchat that goes one level too deep
with browse, if you are in the room.  Using browse, anyone can find out
anyone else's "real" jid.

-- 
Joe Hildebrand
Denver, CO, USA


> -----Original Message-----
> From: Peter Saint-Andre [mailto:stpeter at jabber.org]
> Sent: Thursday, August 15, 2002 3:00 PM
> To: members at jabber.org
> Subject: Re: [Foundation] Text Conferencing Ammendment
> 
> Ryan Eatmon has a solution via ChatBot which he might mention once he
gest
> it working. It would at least be as safe as memberbot is now.
> 
> Peter
> 
> --
> Peter Saint-Andre
> Jabber Software Foundation
> http://www.jabber.org/people/stpeter.html
> 
> On Thu, 15 Aug 2002 bauer at michaelbauer.com wrote:
> 
> >
> > Ben is absolutely right.  This is coming down to a simple
risk/reward
> > calcuation.  If it's the consensus of everyone that no, it's far too
> risky
> > to have the possibility of someone spoofing someone else in a text
> > conference for a Jabber Software Foundation meeting - even if votes
are
> > taking through something a bit more secure like memberbot, then
fine.
> We
> > don't get the reward of having the convenience of people to
participate
> in
> > this manner.  If they're overseas, they'll just have to spring for
the
> > potentially hundreds of dollars it could cost to participate in a
> > teleconference for an overseas phone call.  I personally don't care
> > because I'm going to attend the meeting in person.  I was just
trying to
> > make it easier for people to participate while at the same time I
seemed
> > to be making it harder to do so by advocating that we stick a bit
more
> to
> > the by-laws.
> >
> > This isn't a National (U.S.) Security conference.  It's just a
Jabber
> > meeting.
> >
> >
> > On Thu, 15 Aug 2002, Ben Schumacher wrote:
> >
> > > Playing devil's advocate now...
> > >
> > > So uh... then we all have to do a web of trust, etc, etc. How do I
> know
> > > you're really temas, despite what your PGP key says, if I haven't
met
> > > you...? (This is theoretical, of course... since we have met.) But
how
> do
> > > I know you are you say you are in person? You could have a fake
ID?
> > >
> > > /me just wants people to keep focus on the issues at hand, rather
than
> the
> > > whole internet identity problem at large.
> > >
> > > We'll just have to wait for PingID to figure that part out for us.
;)
> > >
> > > bs.
> > >
> > > On 15 Aug 2002, Thomas Muldowney wrote:
> > > > My point is, without verification of the identity through
something
> like
> > > > PGP keys, fingerprints, dna samples, or whatever else the
component
> > > > accepts, the system is probably not within the bounds we're
> researching
> > > > again.  If people accept that fact, fine, but I won't trust it
=)
> > > >
> > > > Memberbot can be partially trusted because it verifies the JID,
> which no
> > > > one has shown a complete way to spoof, yet (bum bum bum, insert
> > > > foreboding music here).  I still think it could be improved with
> > > > something like PGP signed presence, or the new XML encryption
stuff.
> > > >
> > > > --temas
> > > >
> > > >
> > > > On Thu, 2002-08-15 at 14:07, bauer at michaelbauer.com wrote:
> > > > >
> > > > > I think "useless sham" is a bit strong.  All I'm trying to do
is
> to strike
> > > > > some balance between doing what needs to be done from the
> perspective of
> > > > > the by-laws and providing some accommodation for the "Jabber
way"
> of
> > > > > communicating in a cooperative fashion.  Technically, no
meetings
> can be
> > > > > held without being there in person or on the phone in a
conference
> call.
> > > > > No votes can be carried out unless done so in-person, on the
> phone,
> > > > > in-writing, or through e-mail (and even that is a bit
suspect).
> > > > >
> > > > > We're kind of going from one extreme to the other here.
Voting
> for Board
> > > > > Members via the memberbot is definitely not acceptable yet
> everyone seemed
> > > > > OK with that.  Now, simply adding the memberbot as an
additional
> conduit
> > > > > in the context of the more legally correct physical meeting
> supplemented
> > > > > by conference calls does not seem acceptable.
> > > > >
> > > > > On 15 Aug 2002, Thomas Muldowney wrote:
> > > > >
> > > > > > You still have identity issues.  The groupchat server, in
it's
> current
> > > > > > state, just can't verify that people are who they say they
are.
> While
> > > > > > this doesn't hurt voting, it does make the meeting something
of
> a
> > > > > > useless sham.
> > > > > >
> > > > > > --temas
> > > > > >
> > > > > >
> > > > > > On Thu, 2002-08-15 at 13:31, bauer at michaelbauer.com wrote:
> > > > > > >
> > > > > > > Maybe we could something else, like MSN?
> > > > > > >
> > > > > > > :)
> > > > > > >
> > > > > > > Seriously, I think we could use groupchat for meetings but
> then carry out
> > > > > > > votes using memberbot.  That way we could have the
discussions
> and
> > > > > > > official votes would be verifiable.  I could ammend the
> ammendment to so
> > > > > > > stipulate.  Would that be acceptable?
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Thu, 15 Aug 2002, Peter Saint-Andre wrote:
> > > > > > >
> > > > > > > > My only concern right now is that groupchat is
essentially
> anonymous. We
> > > > > > > > need a way to verify that someone is who they say they
are.
> Until then I'm
> > > > > > > > not sure we can regarding groupchat as reliably or
official.
> > > > > > > >
> > > > > > > > Thoughts?
> > > > > > > >
> > > > > > > > Peter
> > > > > > > >
> > > > > > > > --
> > > > > > > > Peter Saint-Andre
> > > > > > > > Jabber Software Foundation
> > > > > > > > http://www.jabber.org/people/stpeter.html
> > > > > > > >
> > > > > > > > On Thu, 15 Aug 2002 bauer at michaelbauer.com wrote:
> > > > > > > >
> > > > > > > > >
> > > > > > > > > There has been some continual confusion over whether
we
> can use Jabber to
> > > > > > > > > actually have some of these meetings.  I'd like to try
and
> end that
> > > > > > > > > confusion for meetings of the Members:
> > > > > > > > >
> > > > > > > > > I propose that the Board of Directors approve the
addition
> of the
> > > > > > > > > following sentence to the end of the existing
paragraph
> for Section 3.1
> > > > > > > > > Place of Meetings in the Jabber Software Foundation
By-
> Laws.
> > > > > > > > >
> > > > > > > > > "Text conferencing is an approved form of remote
> communication provided
> > > > > > > > > all participants communicate with one another through
the
> text
> > > > > > > > > conference."
> > > > > > > > >
> > > > > > > > > Note a couple of things about this statement.  First,
the
> caveat that all
> > > > > > > > > participants have to communicate with one another
through
> the conference.
> > > > > > > > > This seems a little redundant but it's important
because
> you can't have
> > > > > > > > > some people talking on the phone and others talking in
the
> text
> > > > > > > > > conference.
> > > > > > > > >
> > > > > > > > > Second, note that this does NOT necessarily apply to a
> meeting of the
> > > > > > > > > Board of Directors.  I think that those meetings must
> still be conducted
> > > > > > > > > over the phone at a minimum.  Resolving whether the
Board
> can use text
> > > > > > > > > conferencing is not nearly as important right now.
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > >
----------------------------------------------------------
> ----------------
> > > > > > > > > Michael Bauer     bauer at michaelbauer.com
> http://www.michaelbauer.com
> > > > > > > > >
> > > > > > > > > _______________________________________________
> > > > > > > > > Members mailing list
> > > > > > > > > Members at jabber.org
> > > > > > > > > http://mailman.jabber.org/listinfo/members
> > > > > > > > >
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > Members mailing list
> > > > > > > > Members at jabber.org
> > > > > > > > http://mailman.jabber.org/listinfo/members
> > > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > >
--------------------------------------------------------------
> ------------
> > > > > > > Michael Bauer     bauer at michaelbauer.com
> http://www.michaelbauer.com
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Members mailing list
> > > > > > > Members at jabber.org
> > > > > > > http://mailman.jabber.org/listinfo/members
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > Members mailing list
> > > > > > Members at jabber.org
> > > > > > http://mailman.jabber.org/listinfo/members
> > > > > >
> > > > >
> > > > > --
> > > > >
------------------------------------------------------------------
> --------
> > > > > Michael Bauer     bauer at michaelbauer.com
> http://www.michaelbauer.com
> > > > >
> > > > > _______________________________________________
> > > > > Members mailing list
> > > > > Members at jabber.org
> > > > > http://mailman.jabber.org/listinfo/members
> > > >
> > > >
> > > > _______________________________________________
> > > > Members mailing list
> > > > Members at jabber.org
> > > > http://mailman.jabber.org/listinfo/members
> > > >
> > >
> > > _______________________________________________
> > > Members mailing list
> > > Members at jabber.org
> > > http://mailman.jabber.org/listinfo/members
> > >
> >
> > --
> >
------------------------------------------------------------------------
> --
> > Michael Bauer     bauer at michaelbauer.com
> http://www.michaelbauer.com
> >
> > _______________________________________________
> > Members mailing list
> > Members at jabber.org
> > http://mailman.jabber.org/listinfo/members
> >
> 
> _______________________________________________
> Members mailing list
> Members at jabber.org
> http://mailman.jabber.org/listinfo/members



More information about the Members mailing list