[Standards] [Fwd: Re: [Council] Minutes of Council 2009-11-23]

Peter Saint-Andre stpeter at stpeter.im
Tue Nov 24 22:33:28 UTC 2009


Forwarding to standards@ so that we can have a public discussion...

-------- Original Message --------
Subject: Re: [Council] Minutes of Council 2009-11-23
Date: Tue, 24 Nov 2009 17:03:54 +0000
From: Dave Cridland <dave at cridland.net>
Reply-To: XMPP Council <council at xmpp.org>
To: XMPP Council <council at xmpp.org>
References:
<f5aae3ec0911240353p69c37112s391a65a919d58373 at mail.gmail.com>
<27382.1259079316.574865 at puncture> <4B0C0CE9.70107 at stpeter.im>

On Tue Nov 24 16:42:17 2009, Peter Saint-Andre wrote:
> And do feel free to weigh in on XEP-0249. :)

Yes, I'll weigh in on this with a -1, I'm afraid.

The security considerations should be referencing XEP-0045, but it
also needs to draw specific attention to the fact the password is
included in the clear, and may be intercepted.

This is no more or less secure than existing mediated invitations, of
course - all parties with the ability to snoop the password still
have it with direct invitations.

Also, it's probably worth noting that the common alternative to
password, being member-only rooms with the service automatically
adding the invited user to the member list, won't work as transparently
here, so inviters should send invitees both mediated and direct
invitations.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
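
An added example, not part of the message above or of either XEP: a client-side check that classifies invitation stanzas as direct (XEP-0249) or mediated (XEP-0045), flags any that carry the room password in the clear, and flags rooms for which only a direct invitation was sent. The function names, JIDs and sample stanzas are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_DIRECT = "jabber:x:conference"                    # XEP-0249 direct invitation
NS_MUC_USER = "http://jabber.org/protocol/muc#user"  # XEP-0045 mediated invitation

# Constructed sample stanzas (hypothetical JIDs and password).
DIRECT_PW = ("<message from='alice@example.org/pc' to='bob@example.org'>"
             "<x xmlns='jabber:x:conference' jid='ops@chat.example.org' "
             "password='s3cret' reason='join us'/></message>")
DIRECT_NOPW = ("<message from='alice@example.org/pc' to='bob@example.org'>"
               "<x xmlns='jabber:x:conference' jid='team@chat.example.org'/></message>")
MEDIATED_NOPW = ("<message from='team@chat.example.org' to='bob@example.org'>"
                 "<x xmlns='http://jabber.org/protocol/muc#user'>"
                 "<invite from='alice@example.org/pc'/></x></message>")


def audit_invitation(stanza_xml):
    """Return kind, room and password exposure for one <message/>, or None."""
    msg = ET.fromstring(stanza_xml)
    direct = msg.find(f"{{{NS_DIRECT}}}x")
    if direct is not None and direct.get("jid"):
        return {"kind": "direct", "room": direct.get("jid"),
                "password_in_clear": direct.get("password") is not None}
    mediated = msg.find(f"{{{NS_MUC_USER}}}x")
    if mediated is not None and mediated.find(f"{{{NS_MUC_USER}}}invite") is not None:
        # A mediated invitation arrives from the room JID itself.
        has_pw = mediated.find(f"{{{NS_MUC_USER}}}password") is not None
        return {"kind": "mediated", "room": msg.get("from"),
                "password_in_clear": has_pw}
    return None


def review(stanzas):
    """Group invitations by room and list the concerns raised in the message."""
    by_room = {}
    for stanza in stanzas:
        info = audit_invitation(stanza)
        if info is not None:
            by_room.setdefault(info["room"], []).append(info)
    findings = []
    for room, infos in by_room.items():
        if any(i["password_in_clear"] for i in infos):
            findings.append((room, "password readable by any party handling the stanza"))
        if {i["kind"] for i in infos} == {"direct"}:
            # Only the room service can add the invitee to a member list.
            findings.append((room, "direct only: members-only room will not add invitee"))
    return findings
```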