[Standards] General Stance toward Security Threats in XMPP

Dave Cridland dave at cridland.net
Wed Aug 27 12:22:30 UTC 2014


Kurt Zeilenga made the excellent point that we, as a community, need to
take a stance on jid harvesting - the same applies to various other threats
that are common to many XMPP extensions.

Therefore I've started to pen a XEP which can catalogue these threats and
give guidance to extension authors on what threats need consideration
and/or mitigation. I'm suggesting this as a Standards Track XEP.

Other options would be a registry or an Informational XEP, however I feel
that because of its nature, we want something we can normatively reference
from other XEPs, and hence a Standards Track document seems the best

I'll submit the basic document (with just two threats) this afternoon to
the editors.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20140827/cf9e2911/attachment.html>

More information about the Standards mailing list