[Members] In-Band Regiration with Jabber.org
Robert B Quattlebaum, Jr.
darco at deepdarc.com
Thu Oct 26 14:05:25 CDT 2006
On Oct 26, 2006, at 5:56 AM, Tomasz Sterna wrote:
> On 10/26/06, Robert B Quattlebaum, Jr. <darco at deepdarc.com> wrote:
>> I really think that jabber.org should not allow anonymous
>> for account creation. I think that it sets a bad precedent, and is
>> ripe for
>> automation and other sorts of abuse. At the very least, jabber.org
>> should do
>> some sort of email-address verification, but currently it does
> I can't see why we cannot do e-mail verification during in-band
> Or any other method of verifing users.
OK, then lets do that. Make is required.
> How does registering via HTTP differ from registering via XMPP?
HTTP registration should be an option for users of clients which
either implement jabber:iq:register poorly or not at all.
>> on the jabber.org site. Such a page should have a CAPTCHA and at
>> least get
> You've said a very, very bad word. I see a flame coming. :-)
I'm fine tossing the CAPTCHA, but we need some sort of verification.
We could do this:
If the IP of the user is not on a black-hole list(BHL), the email
verification works, and the email server is not on a black-hole list,
then the user account should be granted.
If the user's IP or the IP of the email server is on a BHL, then give
them the CAPTCHA. That way, the overwhelming majority of users would
not have to bother with a CAPTCHA.
> But... We have mathod for that.
Deferred... hmm... I'd be fine with implementing it.
>> We need to take measures now to help prevent the public federated
>> network from becoming a hostile environment.
> It was discussed before:
None of these have been implemented, and they all have red
disclaimers. In-band registration as it is currently implemented on
jabber.org is just waiting to be abused. I'm suggesting that we
prevent that instead of waiting until the abuse begins.
Jabber: darco at deepdarc.com
eMail: darco at deepdarc.com
More information about the Members