[Standards] Re: securing in-band registration

Alexander Gnauck gnauck at ag-software.de
Thu Jul 19 06:28:14 UTC 2007


Hello,

> Part of the solution is requiring x:data forms for registration. Yes, as
> Matthias pointed out this will make life difficult for existing clients.
> So we need to define a transition strategy. Clearly define how the
> x:data-only registration works and set some goals for deprecating the
> old way of doing things.

don't think that clients are a problem. Once this is implemented in the 
first servers we will see it also in clients. At least this it what 
always happened in the past.

> If we support media-in-forms (e.g. CAPTCHAs) we may have even stronger
> weapons. See XEP-0221 for the media element definition (recently moved
> from XEP-0158).

i agree, media-in-forms and CAPTCHAs is the way to go. And with that we 
are also prepared for new technologies. Because there exist decoders for 
the most CAPTCHAS today.

Alex




More information about the Standards mailing list