[Standards-JIG] MUC (JEP-45) privacy & control

Peter Saint-Andre stpeter at jabber.org
Mon Apr 17 16:53:52 UTC 2006


Ian Paterson wrote:
>> Lukáš wrote:
>>> 1) ordinary users cannot block messages from other MUC 
>>> participants (for example, if someone constantly insults me), 
>>> because they can't use real JIDs.
>>>
>>> To ensure privacy of both sides, I propose to generate a hash 
>>> (SHA1?) of every user's real JID, which would be sent with 
>>> his MUC presence stanza (or with every message stanza?).
> Trejkaz wrote:
>> If we just used SHA-1 of the user's  
>> JID, someone could just build up a giant list of SHA-1 hashes of all  
>> known JIDs, which a user could then use to determine the identity of  
>> users in "anonymous" chats.
>>
>> This can easily be fixed by also adding the JID of the conference  
>> room into the hash.
> 
> Doesn't Section 6.12 "Registering with a Room" of JEP-0045 already
> provide a solution to this problem?
> 
> "If a user has registered with a room, the room MAY choose to restrict
> the user to use of the registered nickname only in that room. ... (this
> enables a room to 'lock down' roomnicks for consistent identification of
> occupants)."
> 
> 
> The following is only a personal opinion, I'm not expecting it to result
> in changes to the JEP at this stage, although I am very interested in
> other people's opinions (I'm sure I'll learn something):
> 
> If someone wants to be anonymous, in most cases* they can simply create
> another Jabber account. This provides much better anonymity since even
> the room server doesn't know your normal JID.
> 
> IMHO anonymous and semi-anonymous rooms create real problems (like the
> one Lukáš described above). They also add a lot of complexity to clients
> (and servers).

Fully anonymous rooms are not recommended. Semi-anonymous rooms (your
real JID is exposed to the room admins) seem like a good thing in most
cases.

Peter

--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
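
Added example, not part of the original message or of JEP-0045: it compares the two token schemes discussed in the quoted text (SHA-1 of the real JID, and SHA-1 with the room JID mixed in) against a list of known JIDs, and goes beyond the thread with a third variant keyed by a secret that only the room service holds. The JIDs, room addresses, field layout and function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: JIDs and room addresses are made up for this example.
KNOWN_JIDS = ["alice@example.org", "bob@example.net", "carol@example.com"]
ROOM_A = "lounge@conference.example.org"
ROOM_B = "dev@conference.example.org"

def plain_token(jid):
    """Original proposal: SHA-1 over the real JID alone."""
    return hashlib.sha1(jid.encode("utf-8")).hexdigest()

def room_token(jid, room):
    """Suggested fix: room JID mixed into the hash (field layout is assumed)."""
    return hashlib.sha1(f"{room}\x00{jid}".encode("utf-8")).hexdigest()

def keyed_token(jid, room, room_key):
    """Variant beyond the thread: HMAC-SHA256 under a key held by the room service."""
    msg = f"{room}\x00{jid}".encode("utf-8")
    return hmac.new(room_key, msg, hashlib.sha256).hexdigest()

def evaluate(jid):
    """Compare what each token scheme reveals to someone holding a list of known JIDs."""
    room_key = secrets.token_bytes(32)  # never leaves the room service
    global_table = {plain_token(j): j for j in KNOWN_JIDS}
    # Same list re-hashed with one room's public address.
    per_room_table = {room_token(j, ROOM_A): j for j in KNOWN_JIDS}
    # Without the room key, a table can only be built under some other key.
    wrong_key_table = {keyed_token(j, ROOM_A, b"not-the-key"): j for j in KNOWN_JIDS}
    keyed = keyed_token(jid, ROOM_A, room_key)
    return {
        "plain_vs_global_table": global_table.get(plain_token(jid)),
        "room_vs_global_table": global_table.get(room_token(jid, ROOM_A)),
        "room_vs_per_room_table": per_room_table.get(room_token(jid, ROOM_A)),
        "keyed_vs_wrong_key_table": wrong_key_table.get(keyed),
        "room_tokens_differ_across_rooms": room_token(jid, ROOM_A) != room_token(jid, ROOM_B),
        "keyed_stable_for_blocking": keyed == keyed_token(jid, ROOM_A, room_key),
    }

if __name__ == "__main__":
    for name, value in evaluate("alice@example.org").items():
        print(f"{name}: {value}")
```

Each per-room token stays the same for one occupant within a room, which is what a client-side block list needs; only the keyed variant cannot be recomputed from public values.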
