On 12/10/09 5:21 PM, Mihael Pranjić wrote: > Am Freitag, 11. Dezember 2009 01:03:51 schrieben Sie: >> On 12/10/09 4:55 PM, Jonathan Schleifer wrote: >>> Am 10.12.2009 um 23:50 schrieb Mihael Pranjić: >>>> It clearly does sound like a sane idea. This would solve the problem >>>> of having >>>> multiple users use the same JID after it was deleted. But think of >>>> jabber accounts that were created, used for short time and then left >>>> lying aroung on >>>> the server. This includes unnecessarily created accounts and so on. >>>> However it >>>> is defined, on most public services there are many jabber accounts >>>> just lying >>>> around, unused. This makes it impossible for someone who would really >>>> like to >>>> use the same JID to register it, as he does not have the email adress. >>>> >>>> In short there wont be two different people using the same jabber >>>> account, >>>> regardless of the fact that there may be "garbage" accounts that are not >>>> really used. This makes it impossible tot get the jid, even for the >>>> people who >>>> would really use it. >>>> >>>> Captcha could prevent an amount of "garbage" accounts, but is not 100% >>>> proof. >>>> Anyone can still create accounts and not use them. >>> Well, you could make a difference between accounts that have been used >>> for a while and accounts that have been registered but never used. For >>> example, if the user never logged in two weeks after it has been >>> created, it is unlikely that the account has ever been used properly - >>> in this case, I guess it is safe to remove it, as I don't think someone >>> who just registered account will get important privileges anywhere. >> Says who? >> >> I tell all the people who matter that I'm creating a new account because >> I'm tired of having 2400 people in my roster at the old account, on day >> one I become a room owner for a bunch of chatrooms, then I go offline >> for a two-week vacation. I come home and my account is gone. What gives? >> >> Look, we can spin out weird scenarios all day. >> >> Peter > > Yeah we can, but going through some scenarios can show up security issues > related to this. If the discussion is not welcome we can stop *LOL* > If no one thinks this is a topic that should be discussed we can just close > it.
Discussion is good, but I don't think we're making any progress here. In any case I'll think about this for the jabber.org service, but we have more pressing issues to work on right now. > In my opinion though this issue comes with XMPP and it wont go away. Its > related to its design. You just can not identify someone 100%. This is the > same with email too. Maybe something with/like openpgp can be figured out. > Any > kind of unique signature. Openpgp can be used in client to client chats, but > MUCs dont support unique identifying through something like openpgp. Once you > prove a users pgp fingerprint and add it to the room configuration you could > identify the user easily. I am not sure about how to implement this though, > not even sure if it would work. Doesnt seem that insane though imho And how many people use PGP? That's not a scalable system for real people. Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
