[Standards-JIG] MUC (JEP-45) privacy & control

Nolan Eakins sneakin at semanticgap.com
Sun Apr 16 06:30:32 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lukáš 'Spike' Polívka wrote:
> To ensure privacy of both sides, I propose to generate a hash (SHA1?)
> of every user's real JID, which would be sent with his MUC presence
> stanza (or with every message stanza?).

That would work and would be pretty easy to do. Jer has actually blogged
about something like this, MicroIDs if I remember. SHA-1 should probably
be avoided, though the actual hash could be whatever the MUC service
wants to use. It only needs to be a unique identifier on that service,
unless we want an opaque identifier on the whole Jabber network.

And these would be a perfect fit for MUC's presence stanzas.

> Now we have unique identifier for every user. We could extend Privacy
> lists (or whatever) to handle these hashes.

That's possible or the client can just block these...

> 2) room moderators cannot block IP addresses.
> As in the previous case, a hash (of IP address in thi case) is used.
> It must be computed on the every user's own server, because
> (conf.)netlab.cz can't know IP addresses of users from montague.net.
> Now room moderators could ban according to these hashes (as it's very
> easy to create new identity/real JID).

In theory you can ban entire domains from joining a room. I would not
rely on IP addresses, especially with wonderful servers like ejabberd
that support clustering. They should also not be counted on for end
points either, ie: Jingle, file xfer, and NATs.

> There should be some backwards-compatible way to extend JEP-45, as
> it's Draft Standard already. :/

It's called XMPP for a reason.

- - Nolan

- --
SemanticGap: To act as one (TM) -- http://www.semanticgap.com/
Instant awareness & messaging * Online presence design
Cross platform and agile development
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEQeSHhuPszQVSPEARAosGAKC8Ti9Q8uAARj2GDHhfJDNuMKM2UQCgxnFL
35IQlW4p40/eQ22RJl+8u9g=
=ANsW
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sneakin.vcf
Type: text/x-vcard
Size: 219 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20060416/0dc79afc/attachment.vcf>


More information about the Standards mailing list