[Standards] Password protected rooms
pavlix at pavlix.net
Thu Feb 12 11:08:44 UTC 2009
On Wed, 11 Feb 2009 10:45:34 -0800
Justin Karneges <justin-keyword-jabber.093179 at affinix.com> wrote:
> On Wednesday 11 February 2009 05:06:24 Kevin Smith wrote:
> > On Wed, Feb 11, 2009 at 12:58 PM, Kurt Zeilenga
> > <Kurt.Zeilenga at isode.com>
> > > I'm thinking more about a non-comprised server case, but just the
> > > case of poor administrative practices.
> > Ok, I follow, thanks. Given that, maybe keeping password
> > requirements on all affiliations is sensible.
> There are quite many XMPP services (bots and such) that you
> authenticate with just by JID. Why would those things be okay, but
> MUC is somehow more secure and requires a password?
> I smell a new security discussion.
Wouldn't these be better on the security list?
I'm also against over-specific password authentication in individual
If we want better authentication, it may be reused by several XEPs and
may be optional, too.
Freelance consultant and trainer
in networking, communications and security.
Jabber, Mail: pavlix(at)pavlix.net
More information about the Standards