[Standards] Password protected rooms

Pavel Simerda pavlix at pavlix.net
Thu Feb 12 11:08:44 UTC 2009


On Wed, 11 Feb 2009 10:45:34 -0800
Justin Karneges <justin-keyword-jabber.093179 at affinix.com> wrote:

> On Wednesday 11 February 2009 05:06:24 Kevin Smith wrote:
> > On Wed, Feb 11, 2009 at 12:58 PM, Kurt Zeilenga
> > <Kurt.Zeilenga at isode.com> wrote:
> > > I'm thinking more about a non-compromised server case, but just the
> > > case of poor administrative practices.
> >
> > Ok, I follow, thanks. Given that, maybe keeping password
> > requirements on all affiliations is sensible.
> 
> There are quite many XMPP services (bots and such) that you
> authenticate with just by JID.  Why would those things be okay, but
> MUC is somehow more secure and requires a password?
> 
> I smell a new security discussion.

Wouldn't these be better on the security list?

I'm also against over-specific password authentication in individual
XEPs.

If we want better authentication, it may be reused by several XEPs and
may be optional, too.

Pavel

> -Justin


-- 

Freelance consultant and trainer
in networking, communications and security.

Web: http://www.pavlix.net/
Jabber, Mail: pavlix(at)pavlix.net
OpenID: pavlix.net


