[Standards-JIG] MUC (JEP-45) privacy & control
Lukáš 'Spike' Polívka
lukas.polivka at gmail.com
Sun Apr 16 06:45:32 UTC 2006
On 4/16/06, Nolan Eakins <sneakin at semanticgap.com> wrote:
> Lukáš 'Spike' Polívka wrote:
> > To ensure privacy of both sides, I propose to generate a hash (SHA1?)
> > of every user's real JID, which would be sent with his MUC presence
> > stanza (or with every message stanza?).
> That would work and would be pretty easy to do. Jer has actually blogged
> about something like this, MicroIDs if I remember. SHA-1 should probably
> be avoided, though the actual hash could be whatever the MUC service
> wants to use. It only needs to be a unique identifier on that service,
> unless we want an opaque identifier on the whole Jabber network.
> And these would be a perfect fit for MUC's presence stanzas.
PSA has (also?) blogged about MicroIDs. But see Trenkaz's reply to my
e-mail. These IDs should probably be unique for every room, so the
privacy is really ensured.
> > Now we have unique identifier for every user. We could extend Privacy
> > lists (or whatever) to handle these hashes.
> That's possible or the client can just block these...
Yes. I just like the idea of the messages being blocked at server
level better. Less traffic for me. :) Implementing simple ignoring in
client is just dead simple, yeah.
> > 2) room moderators cannot block IP addresses.
> > As in the previous case, a hash (of IP address in thi case) is used.
> > It must be computed on the every user's own server, because
> > (conf.)netlab.cz can't know IP addresses of users from montague.net.
> > Now room moderators could ban according to these hashes (as it's very
> > easy to create new identity/real JID).
> In theory you can ban entire domains from joining a room. I would not
> rely on IP addresses, especially with wonderful servers like ejabberd
> that support clustering. They should also not be counted on for end
> points either, ie: Jingle, file xfer, and NATs.
What would you rely on then? We have nothing to rely on now. You can
only kindly ask your server administrator to ban the bad guy's IP
address. But it's not possible to bug your administrator every time...
And he can always register at different server (if there were IP
hashes, he can still use server which doesn't send these, but room
moderator/owner could set the room so users without IP hash are
devoiced or not allowed to enter, for example.)
> > There should be some backwards-compatible way to extend JEP-45, as
> > it's Draft Standard already. :/
> It's called XMPP for a reason.
Aaaaah, so that's what these four cute letters stand for! ^_~
Lukáš 'Spike' Polívka
Jabber ID: spike411 at jabber.cz
ICQ, AIM, MSN: Never ever!
More information about the Standards