[Standards] Changes to XEP-0077: In-Band Registration
peterwaher at hotmail.com
Fri Jul 8 12:58:20 UTC 2016
There are various extensions that can be used together with In-band registration to make it more secure.
One way, it to secure it using CAPTCHA, as outlined in XEP-0158: http://xmpp.org/extensions/xep-0158.html. This method tries to seed out bots by assuring a human user creates the account.
Another way, more suitable for controlled creation of accounts by machines (for instance, for IoT), is outlined in XEP-0348, and is based on signing IBR forms, using some other credentials that can be used to distinguish approved account creators from others.
Date: Fri, 8 Jul 2016 17:28:25 +0530
From: vaibhav singh <vaibhavsinghacads at gmail.com>
I realised the subject was not in the correct format for the email I sent
in the morning. Please ignore that email.
I am a newbie software developer who recently started looking into XMPP
XEP's. In Band registration was something that caught my eye, as the XEP
itself said that it is utterly insecure and recommended people not to use
I had some questions I wanted to clarify:
1.) Is there anything else people can use in XMPP to bootstrap users
quickly, apart from in-band registration?
2.) If in-band registration is so insecure, and (from the looks of it) so
important (atleast a really good feature to have) why are there no
alternative work flows people can use?
3.) If there is no simple alternative to In Band Registration, I can
probable try to create an XEP for an alternative protocol, or maybe suggest
some changes to the existing work flow. Can someone describe to me
concisely how to go about suggesting changes to an existing XEP/ writing an
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Standards