[Standards] Password protected rooms

Dave Cridland dave at cridland.net
Thu Feb 12 10:57:49 UTC 2009


On Wed Feb 11 18:45:34 2009, Justin Karneges wrote:
> There are quite many XMPP services (bots and such) that you authenticate with
> just by JID.  Why would those things be okay, but MUC is somehow more secure
> and requires a password?

Well, yes - in a perfect world, we'd sign stanzas with X.509  
certificates, and it's that thinking that makes me want to use X.509  
as our identity basis now.

I think it's not *yet* practical to go down that road, though - I  
don't think XML canonicalization libraries exist in sufficient  
quantity, and I don't think we want to demand that stanzas are signed  
individually yet. (I'd love to be proven wrong on this).

But in a year or so, this might become a practical option, in which  
case pubsub nodes, MUC rooms, and bots can simply "require signing"  
somehow, and all will be right with the world.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
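
Added example, not part of the original message: why signing stanzas depends on XML canonicalization. The same presence stanza re-serialized in transit fails a check over raw bytes but passes once both sides canonicalize first. The stanzas, JIDs and key are constructed, and an HMAC stands in for an X.509 signature.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

# Constructed sample: one MUC join presence serialized two ways, as two XMPP
# libraries or a relaying server might emit it (attribute order, quote style
# and the empty-element form differ; the XML infoset is identical).
SENT = ("<presence xmlns='jabber:client' from='alice@example.org/desk' "
        "to='room@conference.example.org/alice'>"
        "<x xmlns='http://jabber.org/protocol/muc'/></presence>")
RECEIVED = ('<presence to="room@conference.example.org/alice" '
            'from="alice@example.org/desk" xmlns="jabber:client">'
            '<x xmlns="http://jabber.org/protocol/muc"></x></presence>')
# Constructed sample: same layout as RECEIVED, but the sender JID was changed.
ALTERED = RECEIVED.replace("alice@example.org", "carol@example.org")

# Assumption: a shared demo key; a real design would sign with the private key
# behind the sender's X.509 certificate and verify with the public key.
KEY = b"constructed-demo-key"


def tag_raw(stanza: str) -> bytes:
    """Authenticate the bytes exactly as they appear on the wire."""
    return hmac.new(KEY, stanza.encode("utf-8"), hashlib.sha256).digest()


def tag_canonical(stanza: str) -> bytes:
    """Canonicalize first, so equivalent serializations give the same tag."""
    c14n = canonicalize(xml_data=stanza)
    return hmac.new(KEY, c14n.encode("utf-8"), hashlib.sha256).digest()


def verify(stanza: str, tag: bytes, tagger) -> bool:
    """Recompute the tag with the given scheme and compare in constant time."""
    return hmac.compare_digest(tagger(stanza), tag)


if __name__ == "__main__":
    print("raw bytes, re-serialized:", verify(RECEIVED, tag_raw(SENT), tag_raw))
    print("canonical, re-serialized:",
          verify(RECEIVED, tag_canonical(SENT), tag_canonical))
    print("canonical, altered JID:  ",
          verify(ALTERED, tag_canonical(SENT), tag_canonical))
```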


