[Members] Jabber Software Map

Ulrich Staudinger us at activestocks.de
Fri Dec 2 05:54:33 CST 2005


On Fri, Dec 02, 2005 at 11:47:38AM +0100, Matthias Wimmer wrote:
> Hi Ulrich,
> 
> Ulrich Staudinger wrote:
> 
> >A -1 from my side, I think it's not cool and easy to use. I think users
> >with accounts on j.o should immediately be able to register at that
> >service of j.o, too. 
> > 
> >
> 
> No, I agree with Peter and some others. The web server should not get 
> access to the Jabber account passwords of jabber.org. The web server has 
> been broken twice in the past, and I am not sure, that it might not 
> happen again. It would be a very bad thing, if when the webserver has 
> been broken the next time, that all passwords might be stolen as well.
> 
> And isn't JEP-0070 what we require to solve the problem?

Guys, I am not in the council and I am not that much following the
discussion regarding jep-0070, but I quickly read it over, so if
something's not correct, tell me.


Actually I don't think that JEP-0070 will solve that problem at all.
Jep70 is for http request authentication but not for password checking.

Not only that an http request will time out if the xmpp-client as
leveraged in jep0070 won't respond within 90 or 120 seconds, 
jep0070 will also work only with clients, but not with foreign servers directly,
and it won't authenticate a password (!) ("that the password MUST be a
transaction identifier " - jep70), but just a single http request.

Imho, for me jep0070 is only useful for a very small fraction of
requests, where a server needs immediate (active) response by a user
(Assuming that user wants to open a page, and the http server needs
immediate verification through the user or some other party).

JEP-0070 really does not solve the authentication problem during the
login process. We would need some sort of auth-query to foreign servers
.... IMHO!


> >Users of other servers would require to register at j.o, which would
> >bring more users to j.o jabberd itself. 
> > 
> >
> 
> Is it our goal to get all users on jabber.org, or do you want to promote 
> an open network with many servers?


Of course we want to promote an open network! I think more users on j.o
is not counterproductive to promoting an open network.

But of course I understand the "fear" that j.o could drain users ...

It's a discussion that we must lead ... 


Cheers, 
Ulrich