On Wednesday 11 February 2009 05:06:24 Kevin Smith wrote: > On Wed, Feb 11, 2009 at 12:58 PM, Kurt Zeilenga <[email protected]> wrote: > > I'm thinking more about a non-comprised server case, but just the case of > > poor administrative practices. > > Ok, I follow, thanks. Given that, maybe keeping password requirements > on all affiliations is sensible.
There are quite many XMPP services (bots and such) that you authenticate with just by JID. Why would those things be okay, but MUC is somehow more secure and requires a password? I smell a new security discussion. -Justin
