On Sun, Oct 04, 2009 at 03:16:05PM +0200, Rémy Sanchez wrote: > Unlike SMTP, Wave require an authentication of the users. For that reason, I
I am not really sure what the security measures are for federated sessions. e.g. could I connect to wave.google.com as a federated session and pretend to be coming from wave.microsoft.com? I suspect the answer might be either "no" or "its more difficult then with SMTP" however I am not sure of the details. > think that you can easily ban spamers from wave servers. Hmm. Unlikely I think, they can just keep coming back with different accounts. However if you see a wave from a friend and can have some assurance that it really is from the friend, and not a spammer trying to trick you into removing excess cash from you bank accounts, then this would be a good thing. Of course the friend may have chosen an obvious password - the technology can't solve the entire security problem. A potential problem with Wave, at the moment, is that users could be tricked into thinking that a spammer is their friend if the spammer sets their user name and icon to match. A difficult problem, I can't think of a good solution here. -- Brian May <[email protected]> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Wave API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-wave-api?hl=en -~----------~----~----~----~------~----~------~--~---
