[Operators] Launching XMPP anti-abuse initiative

Peter Saint-Andre stpeter at stpeter.im
Sun May 4 22:30:16 CDT 2008


On 05/04/2008 7:15 AM, Mickaël Rémond wrote:
> Hello,
> 
> I feel it is time to work more publicly on something we have been
> working since a while now at ProcessOne.
> 
> We have deployed ejabberd on many of the largest public XMPP deployment.
> As such we see with our customers lots if not all possible real life
> abuse cases.
> Since one year now, we have started an internal initiative to protect
> deployed servers against those known abuses. For us, it consists in
> providing patch to fight such a case, but also tools to enforce users
> behaviours.
> 
> I think that the awareness of such problem as risen recently and we
> would like to open this initiative to people interested in thinking with
> us about possible abuse cases and solutions, implementation, best
> pratices and collective mecanism to limit those problems.

Good idea. I'd like to incorporate these insights into all the relevant
specifications, too (e.g., we need to update XEP-0045 to reflect the
many possible abuse scenarios we've encountered). See also XEP-0205:

http://www.xmpp.org/extensions/xep-0205.html

> We have opened a wiki (account needed to edit pages) and we will be
> moving progressivelly our internal content to this space:
> https://support.process-one.net/doc/display/XAAI/Home
> 
> Please, drop me a mail if you would like to get an account to work with
> us on this topic.
> 
> I hope this helps :)

Good idea. IMHO we have a lot of work to do in order to provide better
protection for the network as a whole.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/operators/attachments/20080504/812f922f/attachment-0001.bin 


More information about the Operators mailing list