[Members] Jabber Software Map
us at activestocks.de
Fri Dec 2 05:54:33 CST 2005
On Fri, Dec 02, 2005 at 11:47:38AM +0100, Matthias Wimmer wrote:
> Hi Ulrich,
> Ulrich Staudinger schrieb:
> >A -1 from my side, i think it's not cool and easy to use. I think users
> >with accounts on j.o should immediately be able to register at that
> >service of j.o, too.
> No, I agree with Peter and some others. The web server should not get
> access to the Jabber account passwords of jabber.org. The web server has
> been broken twice in the past, and I am not sure, that it might not
> happen again. It would be a very bad thing, if when the webserver has
> been broken the next time, that all passwords might be stolen as well.
> And isn't JEP-0070 what we require to solve the problem?
Guys, i am not in the council and i am not that much following the
discussion regarding jep-0070, but i quickly read it over, so if
something's not correct, tell me.
Actually i don't think that JEP-0070 will solve that proplem at all.
Jep70 is for http request authentication but not for password checking.
Not only that an http request will time out if the xmpp-client as
leveraged in jep0070 won't respond within 90 or 120 seconds,
jep0070 will also work only with clients, but not with foreign-servers direct
and it won't authenticate a password (!) ("that the password MUST be a
transaction identifier " - jep70) , but just a single http request.
Imho, for me jep0070 is only useful for a very small fraction of
requests, were a server needs immediate (active) response by a user
(Assuming that user wants to open a page, and the http server needs
immediate verification through the user or some other party).
JEP-00070 really does not solve the authentication problem during the
login-process. We would need some sort of auth-query to foreign-servers
> >Users of other servers would require to register at j.o, which would
> >bring more users to j.o jabberd itself.
> Is it our goal to get all users on jabber.org, or do you want to promote
> an open network with many servers?
Of course we want to promote an open network! I think more users on j.o
is not counter productive to promoting an open network.
But of course i understand the "fear" that j.o could drain users ...
It's a discussion that we must lead ...
More information about the Members