[Standards] Password protected rooms
Kurt.Zeilenga at isode.com
Wed Feb 11 12:58:01 UTC 2009
On Feb 10, 2009, at 11:25 PM, Kevin Smith wrote:
> On Tue, Feb 10, 2009 at 11:02 PM, Kurt Zeilenga <Kurt.Zeilenga at isode.com
> > wrote:
>> It seems not so sensible when the admin happens to be authenticating
>> directly to the server hosting the chatroom. But for the case
>> where the
>> administrator authenticates elsewhere, possibly to a server under
>> administrative control, (to the extent that password protected
>> rooms are at
>> all sensible) it seems at least reasonable for a server to be
>> allowed to
>> require the administrator know the password.
> If we assume secure s2s, it seems that requiring the muc owner know a
> password only protects against a compromised (or maliciously adminned)
> server where the user can be impersonated by the server admin. Given
> that the muc password is sent in plaintext, a compromised server could
> pull this out of the stream anyway, so does it buy us much to require
> a password for the muc owner?
I'm thinking more about a non-comprised server case, but just the case
of poor administrative practices.
Say the owner's account was deleted by his site's admin, and then that
account name was reassigned to some other person. Now a different
person is in control of the owner's account. This person might know
or discover his account has ownership rights on various chatrooms and
abuse those rights.
So I wonder if the password mechanism might be a way of mitigating
risks associated with such administrative practices.
Server implementations can add features to deal with this problem with
both the owner and chat room are hosted on the same server, but I
don't know any way of deal well this in the remote case except by
authentication of owner to room.
Now one can argue that the password does nothing to specifically
authenticate the owner, so maybe the password doesn't well mitigate
More information about the Standards