On Tue, Feb 10, 2009 at 11:02 PM, Kurt Zeilenga <[email protected]> wrote:
> It seems not so sensible when the admin happens to be authenticating
> directly to the server hosting the chatroom. But for the case where the
> administrator authenticates elsewhere, possibly to a server under separate
> administrative control, (to the extent that password protected rooms are at
> all sensible) it seems at least reasonable for a server to be allowed to
> require the administrator know the password.

If we assume secure s2s, it seems that requiring the muc owner know a password only protects against a compromised (or maliciously adminned) server where the user can be impersonated by the server admin. Given that the muc password is sent in plaintext, a compromised server could pull this out of the stream anyway, so does it buy us much to require a password for the muc owner?

/K
