[Standards] Secure Attribution of Mediated MUC Invitations

Daurnimator quae at daurnimator.com
Wed Jan 25 02:48:59 UTC 2017


On 25 January 2017 at 00:15, Georg Lukas <georg at op-co.de> wrote:
> Are there any real-world use cases (or implementations) that use bare
> JID or occupant JID in mediated invitations? If no, I would like to
> mandate in XEP-0045 that the full JID has to be used, thus allowing the
> invitee to verify the sender (see if they have a presence from the
> claimed JID), and to auto-join in a secure fashion.

In prosody's (trunk) MUC component the JID in a mediated invite
follows the room's 'whois' setting.
https://hg.prosody.im/trunk/file/e16b3fd0bd80/plugins/muc/whois.lib.lua#l50


More information about the Standards mailing list