So I'm in the thick of implementing groupchat/conferencing in my client. Thanks to temas for pointing me to the latest docs so I didn't keep working off of the obsolete stuff in the JPG!
My current head-scratcher is: the person creating a chat room can set a "secret" or password that's required to join the room. However, there doesn't seem to be any way in the protocol for a client being invited to the chat room to be told what the password is. As far as I can tell the only way is to go roundabout through the people involved, i.e. the inviter adds "the password is froolap" to the invitation message, and the receiver then has to read that and type "froolap" into a dialog box when accepting the invitation. Kind of awkward. Or did I miss something?
I'm also not entirely happy with the security of a shared password, especially for a chat room that might be more-or-less permanent. As soon as someone spills the beans (or eavesdrops on someone joining the chat), the security of the room is compromised. Have there been any proposals for better security? For example, a simple improvement would be one-time passwords: the server makes up a different secret for every invitation and stuffs it in the invitation. The invitee has to echo the secret.
Speaking of longevity of chat rooms, do they disappear when the last person leaves? If not, how do you get rid of one?
As always, thanks ...
--Jens
- RE: [JDEV] Groupchat and "secrets" jens
- RE: [JDEV] Groupchat and "secrets" Greg Wong
- Re: [JDEV] Groupchat and "secrets" David Waite
- Re: [JDEV] Groupchat and "secrets" Peter Saint-Andre
- Re: [JDEV] Groupchat and "secrets" David Waite
- Re: [JDEV] Groupchat and "secrets" Jens Alfke
- Re: [JDEV] Groupchat and "secrets" Peter Saint-Andre
