[Standards] Changes to XEP-0077: In-Band Registration

Peter Waher peterwaher at hotmail.com
Fri Jul 8 12:58:20 UTC 2016


Hello Vaibhav

There are various extensions that can be used together with In-band registration to make it more secure.

One way, it to secure it using CAPTCHA, as outlined in XEP-0158: http://xmpp.org/extensions/xep-0158.html. This method tries to seed out bots by assuring a human user creates the account.

Another way, more suitable for controlled creation of accounts by machines (for instance, for IoT), is outlined in XEP-0348, and is based on signing IBR forms, using some other credentials that can be used to distinguish approved account creators from others.

Best regards,
Peter Waher


Message: 3
Date: Fri, 8 Jul 2016 17:28:25 +0530
From: vaibhav singh <vaibhavsinghacads at gmail.com>

Hi All,

I realised the subject was not in the correct format for the email I sent
in the morning. Please ignore that email.

I am a newbie software developer who recently started looking into XMPP
XEP's. In Band registration was something that caught my eye, as the XEP
itself said that it is utterly insecure and recommended people not to use
it.

I had some questions I wanted to clarify:
1.) Is there anything else people can use in XMPP to bootstrap users
quickly, apart from in-band registration?

2.) If in-band registration is so insecure, and (from the looks of it) so
important (atleast a really good feature to have) why are there no
alternative work flows people can use?

3.) If there is no simple alternative to In Band Registration, I can
probable try to create an XEP for an alternative protocol, or maybe suggest
some changes to the existing work flow. Can someone describe to me
concisely how to go about suggesting changes to an existing XEP/ writing an
Internet Draft?

Regards,
Vaibhav Singh


-- 

Regards,
Vaibhav Singh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20160708/2fbb403d/attachment.html>


More information about the Standards mailing list