[Standards-JIG] MUC (JEP-45) privacy & control

Trejkaz trejkaz at trypticon.org
Sun Apr 16 06:26:34 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 16/04/2006, at 15:22 PM, Lukáš 'Spike' Polívka wrote:
> To ensure privacy of both sides, I propose to generate a hash (SHA1?)
> of every user's real JID, which would be sent with his MUC presence
> stanza (or with every message stanza?).

That part wasn't a bad idea, but if we just used SHA-1 of the user's  
JID, someone could just build up a giant list of SHA-1 hashes of all  
known JIDs, which a user could then use to determine the identity of  
users in "anonymous" chats.

This can easily be fixed by also adding the JID of the conference  
room into the hash.

TX

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)

iD8DBQFEQeOfuMe8iwN+6nMRAo2XAKCDUXpK6h392oaVRdRG270WvG2gQgCeM19J
nzjOc7x6J3cNprmegt1H2BM=
=/9yr
-----END PGP SIGNATURE-----
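
The difference between the two schemes discussed above, as an added example that is not part of the original post: a plain SHA-1 of the JID is the same value in every room, while a hash that also covers the room JID is specific to one room. The sample JIDs, the NUL separator and the HMAC variant with a room-held secret are assumptions, not taken from the thread or from JEP-45.

```python
import hashlib
import hmac

# Constructed sample data (not from the thread).
KNOWN_JIDS = ["alice@example.org", "bob@example.org", "carol@example.net"]
ROOM_A = "chat@conference.example.org"
ROOM_B = "dev@conference.example.org"


def plain_hash(user_jid):
    """Original proposal: SHA-1 over the real JID only."""
    return hashlib.sha1(user_jid.encode("utf-8")).hexdigest()


def room_scoped_hash(user_jid, room_jid):
    """Fix from the reply: include the room JID (NUL separator is an assumption)."""
    data = room_jid.encode("utf-8") + b"\x00" + user_jid.encode("utf-8")
    return hashlib.sha1(data).hexdigest()


def keyed_room_hash(user_jid, room_jid, room_secret):
    """Assumed hardening, not in the thread: HMAC under a secret only the room holds."""
    msg = room_jid.encode("utf-8") + b"\x00" + user_jid.encode("utf-8")
    return hmac.new(room_secret, msg, hashlib.sha256).hexdigest()


def compare(target="bob@example.org"):
    # One table of plain hashes, built once, applies to every room.
    global_table = {plain_hash(j): j for j in KNOWN_JIDS}
    # The room JID is public, so it works as a salt, not as a secret:
    # a table can still be recomputed for one specific room.
    room_a_table = {room_scoped_hash(j, ROOM_A): j for j in KNOWN_JIDS}
    in_a = room_scoped_hash(target, ROOM_A)
    in_b = room_scoped_hash(target, ROOM_B)
    return {
        "plain_hit": global_table.get(plain_hash(target)),
        "scoped_hit_in_global_table": global_table.get(in_a),
        "linkable_across_rooms": in_a == in_b,
        "scoped_hit_in_room_a_table": room_a_table.get(in_a),
        "room_a_table_works_in_room_b": in_b in room_a_table,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The keyed variant removes the remaining per-room recomputation, because the hash cannot be reproduced without the room's secret.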


