[Standards-JIG] MUC (JEP-45) privacy & control
stpeter at jabber.org
Mon Apr 17 16:53:52 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Ian Paterson wrote:
>> Lukáš wrote:
>>> 1) ordinary users cannot block messages from other MUC
>>> participants (for example, if someone constantly insults me),
>>> because they can't use real JIDs.
>>> To ensure privacy of both sides, I propose to generate a hash
>>> (SHA1?) of every user's real JID, which would be sent with
>>> his MUC presence stanza (or with every message stanza?).
> Trejkaz wrote:
>> If we just used SHA-1 of the user's
>> JID, someone could just build up a giant list of SHA-1 hashes of all
>> known JIDs, which a user could then use to determine the identity of
>> users in anonymous" chats.
>> This can easily be fixed by also adding the JID of the conference
>> room into the hash.
> Doesn't Section 6.12 "Registering with a Room" of JEP-0045 already
> provide a solution to this problem?
> "If a user has registered with a room, the room MAY choose to restrict
> the user to use of the registered nickname only in that room. ... (this
> enables a room to 'lock down' roomnicks for consistent identification of
> The following is only a personal opinion, I'm not expecting it to result
> in changes to the JEP at this stage, although I am very interested in
> other people's opinions (I'm sure I'll learn something):
> If someone wants to be anonymous, in most cases* they can simply create
> another Jabber account. This provides much better anonymity since even
> the room server doesn't know your normal JID.
> IMHO anonymous and semi-anonymous rooms create real problems (like the
> one Lukáš described above). They also add a lot of complexity to clients
> (and servers).
Fully anonymous rooms are not recommended. Semi-anonymous rooms (your
real JID is exposed to the room admins) seem like a good thing in most
Jabber Software Foundation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards